Accepting request 943553 from home:rguenther:branches:science

- Add Fix-out-of-bounds-read.patch to fix out of bound reads when user input is not validated properly. (bsc#1193562, CVE-2021-4048) OBS-URL: https://build.opensuse.org/request/show/943553 OBS-URL: https://build.opensuse.org/package/show/science/lapack?expand=0&rev=27
2022-01-03 19:08:54 +00:00 · 2022-01-03 19:08:54 +00:00 · 195a5029e9
commit 195a5029e9
parent 1d19da314f
4 changed files with 91 additions and 2 deletions
--- a/Fix-out-of-bounds-read.patch
+++ b/Fix-out-of-bounds-read.patch
@ -0,0 +1,81 @@
+From 0631b6beaed60ba118b0b027c0f8d35397bf5df0 Mon Sep 17 00:00:00 2001
+From: Keno Fischer <keno@juliacomputing.com>
+Date: Thu, 30 Sep 2021 03:51:23 -0400
+Subject: [PATCH] Fix out of bounds read in slarrv
+
+This was originally reported as https://github.com/JuliaLang/julia/issues/42415.
+I've tracked this down to an our of bounds read on the following line:
+
+https://github.com/Reference-LAPACK/lapack/blob/44ecb6a5ff821b1cbb39f8cc2166cb098e060b4d/SRC/slarrv.f#L423
+
+In the crashing example, `M` is `0`, causing `slarrv` to read uninitialized
+memory from the work array. I believe the `0` for `M` is correct and indeed,
+the documentation above supports that `M` may be zero:
+
+https://github.com/Reference-LAPACK/lapack/blob/44ecb6a5ff821b1cbb39f8cc2166cb098e060b4d/SRC/slarrv.f#L113-L116
+
+I believe it may be sufficient to early-out this function as suggested
+in this PR. However, I have limited context for the full routine here,
+so I would appreciate a sanity check.
+---
+ SRC/clarrv.f | 2 +-
+ SRC/dlarrv.f | 2 +-
+ SRC/slarrv.f | 2 +-
+ SRC/zlarrv.f | 2 +-
+ 4 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/SRC/clarrv.f b/SRC/clarrv.f
+index 1f09e4da6..42f710757 100644
+--- a/SRC/clarrv.f
+++ b/SRC/clarrv.f
+@@ -348,7 +348,7 @@
+ *
+ *     Quick return if possible
+ *
+-      IF( N.LE.0 ) THEN
+      IF( (N.LE.0).OR.(M.LE.0) ) THEN
+          RETURN
+       END IF
+ *
+diff --git a/SRC/dlarrv.f b/SRC/dlarrv.f
+index b036c1e66..299430361 100644
+--- a/SRC/dlarrv.f
+++ b/SRC/dlarrv.f
+@@ -350,7 +350,7 @@
+ *
+ *     Quick return if possible
+ *
+-      IF( N.LE.0 ) THEN
+      IF( (N.LE.0).OR.(M.LE.0) ) THEN
+          RETURN
+       END IF
+ *
+diff --git a/SRC/slarrv.f b/SRC/slarrv.f
+index 9d72b339a..95f94fd1b 100644
+--- a/SRC/slarrv.f
+++ b/SRC/slarrv.f
+@@ -350,7 +350,7 @@
+ *
+ *     Quick return if possible
+ *
+-      IF( N.LE.0 ) THEN
+      IF( (N.LE.0).OR.(M.LE.0) ) THEN
+          RETURN
+       END IF
+ *
+diff --git a/SRC/zlarrv.f b/SRC/zlarrv.f
+index 51ec558f5..e4be63e0d 100644
+--- a/SRC/zlarrv.f
+++ b/SRC/zlarrv.f
+@@ -348,7 +348,7 @@
+ *
+ *     Quick return if possible
+ *
+-      IF( N.LE.0 ) THEN
+      IF( (N.LE.0).OR.(M.LE.0) ) THEN
+          RETURN
+       END IF
+ *
+-- 
+2.31.1
+
--- a/lapack-man.spec
+++ b/lapack-man.spec
@ -1,7 +1,7 @@
 #
 # spec file for package lapack-man
 #
-# Copyright (c) 2021 SUSE LLC
+# Copyright (c) 2022 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
--- a/lapack.changes
+++ b/lapack.changes
@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Mon Jan  3 08:34:37 UTC 2022 - Richard Biener <rguenther@suse.com>
+
+- Add Fix-out-of-bounds-read.patch to fix out of bound reads when
+  user input is not validated properly.  (bsc#1193562, CVE-2021-4048)
+
 -------------------------------------------------------------------
 Mon Jul 19 08:24:18 UTC 2021 - Ismail Dönmez <ismail@i10z.com>

--- a/lapack.spec
+++ b/lapack.spec
@ -1,7 +1,7 @@
 #
 # spec file for package lapack
 #
-# Copyright (c) 2021 SUSE LLC
+# Copyright (c) 2022 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -32,6 +32,8 @@ Patch2:         Fix-MinGW-build-error.patch
 Patch3:         Fix-some-minor-inconsistencies-in-LAPACKE_czgesvdq.patch
 # PATCH-FIX-UPSTREAM -- https://github.com/Reference-LAPACK/lapack/commit/ea2a102d3827.patch
 Patch4:         Avoid-out-of-bounds-accesses-in-complex-EIG-tests.patch
+# PATCH-FIX-UPSTREAM -- https://github.com/Reference-LAPACK/lapack/commit/38f3eeee3108b18158409ca2a100e6fe03754781
+Patch5:         Fix-out-of-bounds-read.patch

 BuildRequires:  gcc-fortran
 BuildRequires:  python3-base