packages/numpy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix CVE-2021-41496

Browse Source 
(cherry picked from commit b321161c21d551e9d3aa10beb9b47a65a56b4fd6)
This commit is contained in:
renmingshuai 2022-01-04 16:00:45 +08:00 committed by openeuler-sync-bot
parent 3845be386a
commit 1a0fa6ab0c
2 changed files with 66 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

60
backport-CVE-2021-41496.patch Normal file
View File

@ -0,0 +1,60 @@
From 271010f1037150e95017f803f4214b8861e528f2 Mon Sep 17 00:00:00 2001
From: Warren Weckesser <warren.weckesser@gmail.com>
Date: Mon, 20 Dec 2021 10:35:31 -0500
Subject: [PATCH] BUG: f2py: Simplify creation of an exception message. Closes
gh-19000.
---
numpy/f2py/src/fortranobject.c | 28 +++++++++++++---------------
1 file changed, 13 insertions(+), 15 deletions(-)
diff --git a/numpy/f2py/src/fortranobject.c b/numpy/f2py/src/fortranobject.c
index 4a981bf..d323878 100644
--- a/numpy/f2py/src/fortranobject.c
+++ b/numpy/f2py/src/fortranobject.c
@@ -595,14 +595,14 @@ static int check_and_fix_dimensions(const PyArrayObject* arr,
npy_intp *dims);
static int
-count_negative_dimensions(const int rank,
- const npy_intp *dims) {
- int i=0,r=0;
- while (i<rank) {
- if (dims[i] < 0) ++r;
- ++i;
+find_first_negative_dimension(const int rank, const npy_intp *dims)
+{
+ for (int i = 0; i < rank; ++i) {
+ if (dims[i] < 0) {
+ return i;
+ }
}
- return r;
+ return -1;
}
#ifdef DEBUG_COPY_ND_ARRAY
@@ -679,14 +679,12 @@ PyArrayObject* array_from_pyobj(const int type_num,
|| ((intent & F2PY_OPTIONAL) && (obj==Py_None))
) {
/* intent(cache), optional, intent(hide) */
- if (count_negative_dimensions(rank,dims) > 0) {
- int i;
- strcpy(mess, "failed to create intent(cache|hide)|optional array"
- "-- must have defined dimensions but got (");
- for(i=0;i<rank;++i)
- sprintf(mess+strlen(mess),"%" NPY_INTP_FMT ",",dims[i]);
- strcat(mess, ")");
- PyErr_SetString(PyExc_ValueError,mess);
+ int i = find_first_negative_dimension(rank, dims);
+ if (i >= 0) {
+ PyErr_Format(PyExc_ValueError,
+ "failed to create intent(cache|hide)|optional array"
+ " -- must have defined dimensions, but dims[%d] = %"
+ NPY_INTP_FMT, i, dims[i]);
return NULL;
}
arr = (PyArrayObject *)
--
2.27.0

7
numpy.spec
View File

@ -2,7 +2,7 @@
Name: numpy Name: numpy
Version: 1.16.5 Version: 1.16.5
Release: 3 Release: 4
Epoch: 1 Epoch: 1
Summary: A fast multidimensional array facility for Python Summary: A fast multidimensional array facility for Python
@ -13,6 +13,8 @@ Source0: https://github.com/%{name}/%{name}/releases/download/v%{version}
BuildRequires: openblas-devel BuildRequires: openblas-devel
BuildRequires: lapack-devel gcc-gfortran Cython BuildRequires: lapack-devel gcc-gfortran Cython
Patch0: backport-CVE-2021-41496.patch
%description %description
NumPy is the fundamental package for scientific computing with Python. It contains among other things: NumPy is the fundamental package for scientific computing with Python. It contains among other things:
a powerful N-dimensional array object a powerful N-dimensional array object
@ -177,6 +179,9 @@ popd &> /dev/null
%{python3_sitearch}/%{name}/f2py %{python3_sitearch}/%{name}/f2py
%changelog %changelog
* Tue Jan 04 2022 yuanxin<yuanxin24@huawei.com> - 1.16.5-4
- fix CVE-2021-41496
* Tue Aug 18 2020 wenzhanli<wenzhanli2@huawei.com> - 1.16.5-3 * Tue Aug 18 2020 wenzhanli<wenzhanli2@huawei.com> - 1.16.5-3
- add release version for rebuild - add release version for rebuild