packages/libxsmm
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix CVE-2021-39535 CVE-2021-39536

Browse Source 
(cherry picked from commit d83b92e988575c1d0583ddd9a00f514d6f344548)
This commit is contained in:
starlet-dx 2021-12-22 17:54:45 +08:00 committed by openeuler-sync-bot
parent cea82ed945
commit 7a5f906949
2 changed files with 309 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

304
CVE-2021-39535_CVE-2021-39536.patch Normal file
View File

@ -0,0 +1,304 @@
From 3f417e5e0670b066d558052fd32fc8093c81ee94 Mon Sep 17 00:00:00 2001
From: Hans Pabst <hans.pabst@intel.com>
Date: Fri, 1 Oct 2021 10:22:57 +0200
Subject: [PATCH] Issue 513: merge fixes from master/main.
---
src/generator_spgemm_csc_bsparse.c | 2 +-
src/generator_spgemm_csc_reader.c | 52 +++++++++++++++---------------
src/generator_spgemm_csc_reader.h | 4 +--
src/generator_spgemm_csr_asparse.c | 2 +-
src/generator_spgemm_csr_reader.c | 52 +++++++++++++++---------------
src/generator_spgemm_csr_reader.h | 4 +--
6 files changed, 58 insertions(+), 58 deletions(-)
diff --git a/src/generator_spgemm_csc_bsparse.c b/src/generator_spgemm_csc_bsparse.c
index 18e0fd4e7d..0ffa6bb0ae 100644
--- a/src/generator_spgemm_csc_bsparse.c
+++ b/src/generator_spgemm_csc_bsparse.c
@@ -133,7 +133,7 @@ void libxsmm_generator_spgemm_csc_bsparse( libxsmm_generated_code* io_ge
return;
}
- /* generate the actuel kernel */
+ /* generate the actual kernel */
l_code_length = LIBXSMM_SNPRINTF(l_new_code, l_max_code_length, " for ( l_m = 0; l_m < %u; l_m++) {\n", (unsigned int)i_xgemm_desc->m);
libxsmm_append_code_as_string( io_generated_code, l_new_code, l_code_length );
diff --git a/src/generator_spgemm_csc_reader.c b/src/generator_spgemm_csc_reader.c
index b7cc2aa2bd..50480e93a6 100644
--- a/src/generator_spgemm_csc_reader.c
+++ b/src/generator_spgemm_csc_reader.c
@@ -56,8 +56,8 @@ void libxsmm_sparse_csc_reader( libxsmm_generated_code* io_generated_code,
unsigned int** o_row_idx,
unsigned int** o_column_idx,
double** o_values,
- unsigned int* o_row_count,
- unsigned int* o_column_count,
+ unsigned int* io_row_count,
+ unsigned int* io_column_count,
unsigned int* o_element_count ) {
FILE *l_csc_file_handle;
const unsigned int l_line_length = 512;
@@ -75,7 +75,8 @@ void libxsmm_sparse_csc_reader( libxsmm_generated_code* io_generated_code,
while (fgets(l_line, l_line_length, l_csc_file_handle) != NULL) {
if ( strlen(l_line) == l_line_length ) {
free(*o_row_idx); free(*o_column_idx); free(*o_values); free(l_column_idx_id);
- *o_row_idx = 0; *o_column_idx = 0; *o_values = 0;
+ *io_row_count = *io_column_count = *o_element_count = 0;
+ *o_row_idx = *o_column_idx = NULL; *o_values = NULL;
fclose( l_csc_file_handle ); /* close mtx file */
LIBXSMM_HANDLE_ERROR( io_generated_code, LIBXSMM_ERR_CSC_READ_LEN );
return;
@@ -86,18 +87,21 @@ void libxsmm_sparse_csc_reader( libxsmm_generated_code* io_generated_code,
} else {
/* if we are the first line after comment header, we allocate our data structures */
if ( l_header_read == 0 ) {
- if (3 == sscanf(l_line, "%u %u %u", o_row_count, o_column_count, o_element_count) &&
- 0 != *o_row_count && 0 != *o_column_count && 0 != *o_element_count)
+ unsigned int row_count, column_count;
+ if (3 == sscanf(l_line, "%u %u %u", &row_count, &column_count, o_element_count) &&
+ 0 != row_count && 0 != column_count && 0 != *o_element_count)
{
- /* allocate CSC data structure matching mtx file */
+ *io_column_count = LIBXSMM_MAX(*io_column_count, column_count);
+ *io_row_count = LIBXSMM_MAX(*io_row_count, row_count);
+ /* allocate CSC data structure matching mtx file, and set everything to zero for init */
/* coverity[tainted_data] */
- *o_row_idx = (unsigned int*) malloc(sizeof(unsigned int) * (*o_element_count));
+ *o_row_idx = (unsigned int*)calloc(*o_element_count, sizeof(unsigned int));
/* coverity[tainted_data] */
- *o_column_idx = (unsigned int*) malloc(sizeof(unsigned int) * ((size_t)(*o_column_count) + 1));
+ *o_column_idx = (unsigned int*)calloc((size_t)*io_column_count + 1, sizeof(unsigned int));
/* coverity[tainted_data] */
- *o_values = (double*) malloc(sizeof(double) * (*o_element_count));
+ *o_values = (double*)calloc(*o_element_count, sizeof(double));
/* coverity[tainted_data] */
- l_column_idx_id = (unsigned int*) malloc(sizeof(unsigned int) * (*o_column_count));
+ l_column_idx_id = (unsigned int*)calloc(*io_column_count, sizeof(unsigned int));
/* check if mallocs were successful */
if ( ( *o_row_idx == NULL ) ||
@@ -105,25 +109,16 @@ void libxsmm_sparse_csc_reader( libxsmm_generated_code* io_generated_code,
( *o_values == NULL ) ||
( l_column_idx_id == NULL ) ) {
free(*o_row_idx); free(*o_column_idx); free(*o_values); free(l_column_idx_id);
- *o_row_idx = 0; *o_column_idx = 0; *o_values = 0;
+ *io_row_count = *io_column_count = *o_element_count = 0;
+ *o_row_idx = *o_column_idx = NULL; *o_values = NULL;
fclose(l_csc_file_handle); /* close mtx file */
LIBXSMM_HANDLE_ERROR( io_generated_code, LIBXSMM_ERR_CSC_ALLOC_DATA );
return;
}
- /* set everything to zero for init */
- /* coverity[tainted_data] */
- memset(*o_row_idx, 0, sizeof(unsigned int) * (*o_element_count));
- /* coverity[tainted_data] */
- memset(*o_column_idx, 0, sizeof(unsigned int) * ((size_t)(*o_column_count) + 1));
- /* coverity[tainted_data] */
- memset(*o_values, 0, sizeof(double) * (*o_element_count));
- /* coverity[tainted_data] */
- memset(l_column_idx_id, 0, sizeof(unsigned int) * (*o_column_count));
-
/* init column idx */
/* coverity[tainted_data] */
- for (l_i = 0; l_i <= *o_column_count; ++l_i) {
+ for (l_i = 0; l_i <= *io_column_count; ++l_i) {
(*o_column_idx)[l_i] = *o_element_count;
}
/* init */
@@ -140,9 +135,13 @@ void libxsmm_sparse_csc_reader( libxsmm_generated_code* io_generated_code,
unsigned int l_row = 0, l_column = 0;
double l_value = 0;
/* read a line of content */
- if ( sscanf(l_line, "%u %u %lf", &l_row, &l_column, &l_value) != 3 ) {
+ if ( sscanf(l_line, "%u %u %lf", &l_row, &l_column, &l_value) != 3
+ || l_row > *io_row_count || l_column > *io_column_count
+ || l_i >= *o_element_count )
+ {
free(*o_row_idx); free(*o_column_idx); free(*o_values); free(l_column_idx_id);
- *o_row_idx = 0; *o_column_idx = 0; *o_values = 0;
+ *io_row_count = *io_column_count = *o_element_count = 0;
+ *o_row_idx = *o_column_idx = NULL; *o_values = NULL;
fclose(l_csc_file_handle); /* close mtx file */
LIBXSMM_HANDLE_ERROR( io_generated_code, LIBXSMM_ERR_CSC_READ_ELEMS );
return;
@@ -168,14 +167,15 @@ void libxsmm_sparse_csc_reader( libxsmm_generated_code* io_generated_code,
/* check if we read a file which was consistent */
if ( l_i != (*o_element_count) ) {
free(*o_row_idx); free(*o_column_idx); free(*o_values); free(l_column_idx_id);
- *o_row_idx = 0; *o_column_idx = 0; *o_values = 0;
+ *io_row_count = *io_column_count = *o_element_count = 0;
+ *o_row_idx = *o_column_idx = NULL; *o_values = NULL;
LIBXSMM_HANDLE_ERROR( io_generated_code, LIBXSMM_ERR_CSC_LEN );
return;
}
if ( l_column_idx_id != NULL ) {
/* let's handle empty columns */
- for ( l_i = 0; l_i < (*o_column_count); l_i++) {
+ for ( l_i = 0; l_i < (*io_column_count); l_i++) {
if ( l_column_idx_id[l_i] == 0 ) {
(*o_column_idx)[l_i+1] = (*o_column_idx)[l_i];
}
diff --git a/src/generator_spgemm_csc_reader.h b/src/generator_spgemm_csc_reader.h
index ff207a6752..896766bd91 100644
--- a/src/generator_spgemm_csc_reader.h
+++ b/src/generator_spgemm_csc_reader.h
@@ -21,8 +21,8 @@ void libxsmm_sparse_csc_reader( libxsmm_generated_code* io_generated_code,
unsigned int** o_row_idx,
unsigned int** o_column_idx,
double** o_values,
- unsigned int* o_row_count,
- unsigned int* o_column_count,
+ unsigned int* io_row_count,
+ unsigned int* io_column_count,
unsigned int* o_element_count );
#endif /* GENERATOR_SPGEMM_CSC_READER_H */
diff --git a/src/generator_spgemm_csr_asparse.c b/src/generator_spgemm_csr_asparse.c
index d1d7f0f8db..9d3a2aebde 100644
--- a/src/generator_spgemm_csr_asparse.c
+++ b/src/generator_spgemm_csr_asparse.c
@@ -95,7 +95,7 @@ void libxsmm_generator_spgemm_csr_asparse( libxsmm_generated_code* io_ge
libxsmm_append_code_as_string( io_generated_code, l_new_code, l_code_length );
}
- /* generate the actuel kernel */
+ /* generate the actual kernel */
l_code_length = LIBXSMM_SNPRINTF(l_new_code, l_max_code_length, " for ( l_n = 0; l_n < %u; l_n++) {\n", (unsigned int)i_xgemm_desc->n);
libxsmm_append_code_as_string( io_generated_code, l_new_code, l_code_length );
diff --git a/src/generator_spgemm_csr_reader.c b/src/generator_spgemm_csr_reader.c
index c25da7f2d9..e580313a8d 100644
--- a/src/generator_spgemm_csr_reader.c
+++ b/src/generator_spgemm_csr_reader.c
@@ -17,8 +17,8 @@ void libxsmm_sparse_csr_reader( libxsmm_generated_code* io_generated_code,
unsigned int** o_row_idx,
unsigned int** o_column_idx,
double** o_values,
- unsigned int* o_row_count,
- unsigned int* o_column_count,
+ unsigned int* io_row_count,
+ unsigned int* io_column_count,
unsigned int* o_element_count ) {
FILE *l_csr_file_handle;
const unsigned int l_line_length = 512;
@@ -36,7 +36,8 @@ void libxsmm_sparse_csr_reader( libxsmm_generated_code* io_generated_code,
while (fgets(l_line, l_line_length, l_csr_file_handle) != NULL) {
if ( strlen(l_line) == l_line_length ) {
free(*o_row_idx); free(*o_column_idx); free(*o_values); free(l_row_idx_id);
- *o_row_idx = 0; *o_column_idx = 0; *o_values = 0;
+ *io_row_count = *io_column_count = *o_element_count = 0;
+ *o_row_idx = *o_column_idx = NULL; *o_values = NULL;
fclose(l_csr_file_handle); /* close mtx file */
LIBXSMM_HANDLE_ERROR( io_generated_code, LIBXSMM_ERR_CSR_READ_LEN );
return;
@@ -47,18 +48,21 @@ void libxsmm_sparse_csr_reader( libxsmm_generated_code* io_generated_code,
} else {
/* if we are the first line after comment header, we allocate our data structures */
if ( l_header_read == 0 ) {
- if (3 == sscanf(l_line, "%u %u %u", o_row_count, o_column_count, o_element_count) &&
- 0 != *o_row_count && 0 != *o_column_count && 0 != *o_element_count)
+ unsigned int row_count, column_count;
+ if (3 == sscanf(l_line, "%u %u %u", &row_count, &column_count, o_element_count) &&
+ 0 != row_count && 0 != column_count && 0 != *o_element_count)
{
- /* allocate CSC data-structure matching mtx file */
+ *io_column_count = LIBXSMM_MAX(*io_column_count, column_count);
+ *io_row_count = LIBXSMM_MAX(*io_row_count, row_count);
+ /* allocate CSC data-structure matching mtx file, and set everything to zero for init */
/* coverity[tainted_data] */
- *o_column_idx = (unsigned int*) malloc(sizeof(unsigned int) * (*o_element_count));
+ *o_column_idx = (unsigned int*)calloc(*o_element_count, sizeof(unsigned int));
/* coverity[tainted_data] */
- *o_row_idx = (unsigned int*) malloc(sizeof(unsigned int) * ((size_t)(*o_row_count) + 1));
+ *o_row_idx = (unsigned int*)calloc((size_t)*io_row_count + 1, sizeof(unsigned int));
/* coverity[tainted_data] */
- *o_values = (double*) malloc(sizeof(double) * (*o_element_count));
+ *o_values = (double*)calloc(*o_element_count, sizeof(double));
/* coverity[tainted_data] */
- l_row_idx_id = (unsigned int*) malloc(sizeof(unsigned int) * (*o_row_count));
+ l_row_idx_id = (unsigned int*)calloc(*io_row_count, sizeof(unsigned int));
/* check if mallocs were successful */
if ( ( *o_row_idx == NULL ) ||
@@ -66,25 +70,16 @@ void libxsmm_sparse_csr_reader( libxsmm_generated_code* io_generated_code,
( *o_values == NULL ) ||
( l_row_idx_id == NULL ) ) {
free(*o_row_idx); free(*o_column_idx); free(*o_values); free(l_row_idx_id);
- *o_row_idx = 0; *o_column_idx = 0; *o_values = 0;
+ *io_row_count = *io_column_count = *o_element_count = 0;
+ *o_row_idx = *o_column_idx = NULL; *o_values = NULL;
fclose(l_csr_file_handle); /* close mtx file */
LIBXSMM_HANDLE_ERROR( io_generated_code, LIBXSMM_ERR_CSC_ALLOC_DATA );
return;
}
- /* set everything to zero for init */
- /* coverity[tainted_data] */
- memset(*o_row_idx, 0, sizeof(unsigned int) * ((size_t)(*o_row_count) + 1));
- /* coverity[tainted_data] */
- memset(*o_column_idx, 0, sizeof(unsigned int) * (*o_element_count));
- /* coverity[tainted_data] */
- memset(*o_values, 0, sizeof(double) * (*o_element_count));
- /* coverity[tainted_data] */
- memset(l_row_idx_id, 0, sizeof(unsigned int) * (*o_row_count));
-
/* init column idx */
/* coverity[tainted_data] */
- for ( l_i = 0; l_i <= *o_row_count; ++l_i )
+ for ( l_i = 0; l_i <= *io_row_count; ++l_i )
(*o_row_idx)[l_i] = (*o_element_count);
/* init */
@@ -101,9 +96,13 @@ void libxsmm_sparse_csr_reader( libxsmm_generated_code* io_generated_code,
unsigned int l_row = 0, l_column = 0;
double l_value = 0;
/* read a line of content */
- if ( sscanf(l_line, "%u %u %lf", &l_row, &l_column, &l_value) != 3 ) {
+ if ( sscanf(l_line, "%u %u %lf", &l_row, &l_column, &l_value) != 3
+ || l_row > * io_row_count || l_column > * io_column_count
+ || l_i >= * o_element_count )
+ {
free(*o_row_idx); free(*o_column_idx); free(*o_values); free(l_row_idx_id);
- *o_row_idx = 0; *o_column_idx = 0; *o_values = 0;
+ *io_row_count = *io_column_count = *o_element_count = 0;
+ *o_row_idx = *o_column_idx = NULL; *o_values = NULL;
fclose(l_csr_file_handle); /* close mtx file */
LIBXSMM_HANDLE_ERROR( io_generated_code, LIBXSMM_ERR_CSR_READ_ELEMS );
return;
@@ -129,14 +128,15 @@ void libxsmm_sparse_csr_reader( libxsmm_generated_code* io_generated_code,
/* check if we read a file which was consistent */
if ( l_i != (*o_element_count) ) {
free(*o_row_idx); free(*o_column_idx); free(*o_values); free(l_row_idx_id);
- *o_row_idx = 0; *o_column_idx = 0; *o_values = 0;
+ *io_row_count = *io_column_count = *o_element_count = 0;
+ *o_row_idx = *o_column_idx = NULL; *o_values = NULL;
LIBXSMM_HANDLE_ERROR( io_generated_code, LIBXSMM_ERR_CSR_LEN );
return;
}
if ( l_row_idx_id != NULL ) {
/* let's handle empty rows */
- for ( l_i = 0; l_i < (*o_row_count); l_i++) {
+ for ( l_i = 0; l_i < (*io_row_count); l_i++) {
if ( l_row_idx_id[l_i] == 0 ) {
(*o_row_idx)[l_i+1] = (*o_row_idx)[l_i];
}
diff --git a/src/generator_spgemm_csr_reader.h b/src/generator_spgemm_csr_reader.h
index a282870ff7..1e852a77ae 100644
--- a/src/generator_spgemm_csr_reader.h
+++ b/src/generator_spgemm_csr_reader.h
@@ -21,8 +21,8 @@ void libxsmm_sparse_csr_reader( libxsmm_generated_code* io_generated_code,
unsigned int** o_row_idx,
unsigned int** o_column_idx,
double** o_values,
- unsigned int* o_row_count,
- unsigned int* o_column_count,
+ unsigned int* io_row_count,
+ unsigned int* io_column_count,
unsigned int* o_element_count );
#endif /* GENERATOR_SPGEMM_CSR_READER_H */

6
libxsmm.spec
View File

@ -8,13 +8,14 @@
Name: libxsmm
Version: 1.15
Release: 2
Release: 3
Summary: Small dense or sparse matrix multiplications and convolutions for x86_64
License: BSD
URL: https://github.com/hfp/libxsmm
Source0: https://github.com/hfp/libxsmm/archive/%version/%name-%version.tar.gz
Patch0001: leverage-GNU-source-when-building-the-library.patch
Patch0002: CVE-2021-39535_CVE-2021-39536.patch
BuildRequires: python3 openblas-devel
%if %{with devtoolset}
@ -111,6 +112,9 @@ rm -r samples/cp2k/{build,.make,.state,cp2k-dbcsr,cp2k-collocate,cp2k-test.txt}
%license LICENSE.md
%changelog
* Wed Dec 22 2021 yaoxin <yaoxin30@huawei.com> - 1.15-3
- Fix CVE-2021-39535 CVE-2021-39536
* Tue Aug 10 2021 lingsheng <lingsheng@huawei.com> - 1.15-2
- leverage GNU-source when building the library