[AUTO-CHERRYPICK] Add patch for CVE-2023-33976 in tensorflow - branch main (#10213)

CBL-Mariner-Bot · aadhar-agarwal · web-flow · commit 959bf5a56863 · 2024-08-23T14:42:47.000-04:00
Co-authored-by: aadhar-agarwal &lt;108542189+aadhar-agarwal@users.noreply.github.com&gt;
diff --git a/SPECS/tensorflow/CVE-2023-33976.patch b/SPECS/tensorflow/CVE-2023-33976.patch
@@ -0,0 +1,177 @@
+From 915884fdf5df34aaedd00fc6ace33a2cfdefa586 Mon Sep 17 00:00:00 2001
+From: Cesar Crusius <ccrusius@google.com>
+Date: Mon, 27 Feb 2023 10:14:05 -0800
+Subject: [PATCH] Check for correct `values` rank in UpperBound and LowerBound.
+
+The shape function in array_ops.cc for those ops requires that
+argument to have rank 2, but that function is bypassed when switching
+between graph and eager modes, allowing for invalid arguments to
+pass through and, in the test case, cause a segfault.
+
+PiperOrigin-RevId: 512661338
+---
+ tensorflow/core/kernels/searchsorted_op.cc | 32 ++++++++++---
+ tensorflow/python/ops/array_ops_test.py    | 54 ++++++++++++++++++----
+ 2 files changed, 71 insertions(+), 15 deletions(-)
+
+diff --git a/tensorflow/core/kernels/searchsorted_op.cc b/tensorflow/core/kernels/searchsorted_op.cc
+index 94d18708a6a..8fc3d0da91c 100644
+--- a/tensorflow/core/kernels/searchsorted_op.cc
++++ b/tensorflow/core/kernels/searchsorted_op.cc
+@@ -101,10 +101,20 @@ class UpperBoundOp : public OpKernel {
+     const Tensor& sorted_inputs_t = ctx->input(0);
+     const Tensor& values_t = ctx->input(1);
+ 
+-    // inputs must be at least a matrix
++    // Inputs must be a matrix
++    // This replicates the shape requirements for the op in array_ops.cc
+     OP_REQUIRES(
+-        ctx, sorted_inputs_t.shape().dims() >= 2,
+-        errors::InvalidArgument("sorted input argument must be a matrix"));
++        ctx, sorted_inputs_t.shape().dims() == 2,
++        errors::InvalidArgument(absl::StrCat(
++            "Shape must be rank 2 but is rank ", sorted_inputs_t.shape().dims(),
++            " for "
++            "`sorted_inputs` argument")));
++    // Values must be a matrix
++    // This replicates the shape requirements for the op in array_ops.cc
++    OP_REQUIRES(ctx, values_t.shape().dims() == 2,
++                errors::InvalidArgument(absl::StrCat(
++                    "Shape must be rank 2 but is rank ",
++                    values_t.shape().dims(), " for `values` argument")));
+     // must have same batch dim_size for both
+     OP_REQUIRES(ctx, sorted_inputs_t.dim_size(0) == values_t.dim_size(0),
+                 Status(error::INVALID_ARGUMENT,
+@@ -154,10 +164,20 @@ class LowerBoundOp : public OpKernel {
+     const Tensor& sorted_inputs_t = ctx->input(0);
+     const Tensor& values_t = ctx->input(1);
+ 
+-    // inputs must be at least a matrix
++    // Inputs must be a matrix
++    // This replicates the shape requirements for the op in array_ops.cc
+     OP_REQUIRES(
+-        ctx, sorted_inputs_t.shape().dims() >= 2,
+-        errors::InvalidArgument("sorted input argument must be a matrix"));
++        ctx, sorted_inputs_t.shape().dims() == 2,
++        errors::InvalidArgument(absl::StrCat(
++            "Shape must be rank 2 but is rank ", sorted_inputs_t.shape().dims(),
++            " for "
++            "`sorted_inputs` argument")));
++    // Values must be a matrix
++    // This replicates the shape requirements for the op in array_ops.cc
++    OP_REQUIRES(ctx, values_t.shape().dims() == 2,
++                errors::InvalidArgument(absl::StrCat(
++                    "Shape must be rank 2 but is rank ",
++                    values_t.shape().dims(), " for `values` argument")));
+     // must have same batch dim_size for both
+     OP_REQUIRES(ctx, sorted_inputs_t.dim_size(0) == values_t.dim_size(0),
+                 Status(error::INVALID_ARGUMENT,
+diff --git a/tensorflow/python/ops/array_ops_test.py b/tensorflow/python/ops/array_ops_test.py
+index 0c82f5ac098..4cf619d4739 100644
+--- a/tensorflow/python/ops/array_ops_test.py
++++ b/tensorflow/python/ops/array_ops_test.py
+@@ -20,6 +20,7 @@ from tensorflow.python.framework import dtypes
+ from tensorflow.python.framework import tensor_spec
+ from tensorflow.python.framework import test_util
+ from tensorflow.python.ops import array_ops
++from tensorflow.python.ops import gen_array_ops
+ from tensorflow.python.ops import math_ops
+ from tensorflow.python.ops import random_ops
+ from tensorflow.python.platform import test
+@@ -31,9 +32,8 @@ class ArrayOpTest(test.TestCase):
+     # Create a tensor with an unknown dim 1.
+     x = random_ops.random_normal([4, 10, 10])
+     x = array_ops.gather(
+-        x,
+-        array_ops.reshape(array_ops.where_v2(x[0, :, 0] > 0.5), [-1]),
+-        axis=1)
++        x, array_ops.reshape(array_ops.where_v2(x[0, :, 0] > 0.5), [-1]), axis=1
++    )
+     x.shape.assert_is_compatible_with([4, None, 10])
+ 
+     with backprop.GradientTape() as tape:
+@@ -54,9 +54,8 @@ class ArrayOpTest(test.TestCase):
+     # Create a tensor with an unknown dim 1.
+     x = random_ops.random_normal([4, 10, 10])
+     x = array_ops.gather(
+-        x,
+-        array_ops.reshape(array_ops.where_v2(x[0, :, 0] > 0.5), [-1]),
+-        axis=1)
++        x, array_ops.reshape(array_ops.where_v2(x[0, :, 0] > 0.5), [-1]), axis=1
++    )
+     x.shape.assert_is_compatible_with([4, None, 10])
+     a = array_ops.reshape(x, array_ops.shape(x))
+     a.shape.assert_is_compatible_with([4, None, 10])
+@@ -68,14 +67,15 @@ class ArrayOpTest(test.TestCase):
+     c = array_ops.reshape(
+         x,
+         math_ops.cast(
+-            math_ops.cast(array_ops.shape(x), dtypes.float32), dtypes.int32))
++            math_ops.cast(array_ops.shape(x), dtypes.float32), dtypes.int32
++        ),
++    )
+     c.shape.assert_is_compatible_with([None, None, None])
+ 
+   def testEmptyMeshgrid(self):
+     self.assertEqual(array_ops.meshgrid(), [])
+ 
+   def testSlicedPartialShapeInference(self):
+-
+     @def_function.function(autograph=False)
+     def g(x):
+       return array_ops.zeros([array_ops.shape(x)[0]])
+@@ -84,7 +84,6 @@ class ArrayOpTest(test.TestCase):
+     self.assertAllEqual(conc.output_shapes.as_list(), [10])
+ 
+   def testIdentityOnSlicedPartialShapeInference(self):
+-
+     @def_function.function(autograph=False)
+     def g(x):
+       return array_ops.zeros([array_ops.identity(array_ops.shape(x)[0])])
+@@ -106,6 +105,43 @@ class ArrayOpTest(test.TestCase):
+     ):
+       func()
+ 
++  @test_util.run_in_graph_and_eager_modes
++  def testUpperBoundValuesWrongRank(self):
++    # Used to cause a segfault, b/266336058
++    arg0 = array_ops.zeros([2, 3], dtype=dtypes.float32)
++    arg1 = array_ops.zeros([2, 1, 0], dtype=dtypes.float32)
++    with self.assertRaisesRegex(
++        Exception, "Shape must be rank 2 but is rank 3"
++    ):
++      gen_array_ops.upper_bound(arg0, arg1)
++
++  def testLowerBoundValuesWrongRank(self):
++    # Used to cause a segfault, b/266336058
++    arg0 = array_ops.zeros([2, 3], dtype=dtypes.float32)
++    arg1 = array_ops.zeros([2, 1, 0], dtype=dtypes.float32)
++    with self.assertRaisesRegex(
++        Exception, "Shape must be rank 2 but is rank 3"
++    ):
++      gen_array_ops.lower_bound(arg0, arg1)
++
++  def testUpperBoundInputsWrongRank(self):
++    # Used to cause a segfault, b/266336058
++    arg0 = array_ops.zeros([2, 1, 0], dtype=dtypes.float32)
++    arg1 = array_ops.zeros([2, 3], dtype=dtypes.float32)
++    with self.assertRaisesRegex(
++        Exception, "Shape must be rank 2 but is rank 3"
++    ):
++      gen_array_ops.upper_bound(arg0, arg1)
++
++  def testLowerBoundInputsWrongRank(self):
++    # Used to cause a segfault, b/266336058
++    arg0 = array_ops.zeros([2, 1, 0], dtype=dtypes.float32)
++    arg1 = array_ops.zeros([2, 3], dtype=dtypes.float32)
++    with self.assertRaisesRegex(
++        Exception, "Shape must be rank 2 but is rank 3"
++    ):
++      gen_array_ops.lower_bound(arg0, arg1)
++
+ 
+ if __name__ == "__main__":
+   test.main()
+-- 
+2.34.1
+
diff --git a/SPECS/tensorflow/tensorflow.spec b/SPECS/tensorflow/tensorflow.spec
@@ -1,14 +1,15 @@
 Summary:        TensorFlow is an open source machine learning framework for everyone.
 Name:           tensorflow
 Version:        2.11.1
-Release:        1%{?dist}
+Release:        2%{?dist}
 License:        ASL 2.0
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
 Group:          Development/Languages/Python
 URL:            https://www.tensorflow.org/
 Source0:        https://github.com/tensorflow/tensorflow/archive/refs/tags/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
 Source1:        %{name}-%{version}-cache.tar.gz
+Patch0:         CVE-2023-33976.patch
 BuildRequires:  bazel
 BuildRequires:  binutils
 BuildRequires:  build-essential
@@ -147,6 +148,9 @@ bazel --batch build  --verbose_explanations //tensorflow/tools/pip_package:build
 
 
 %changelog
+* Thu Aug 15 2024 Aadhar Agarwal <aadagarwal@microsoft> - 2.11.1-2
+- Add a patch for CVE-2023-33976
+
 * Wed Oct 11 2023 Mitch Zhu <mitchzhu@microsoft> - 2.11.1-1
 - Update to 2.11.1 to fix CVEs
 
