From 195a5029e948debe5240efdb5527c6996d4e008bffd3ff870d2a107eed1a15b1 Mon Sep 17 00:00:00 2001
From: Atri Bhattacharya <badshah400@gmail.com>
Date: Mon, 3 Jan 2022 19:08:54 +0000
Subject: [PATCH] Accepting request 943553 from home:rguenther:branches:science

- Add Fix-out-of-bounds-read.patch to fix out of bound reads when
  user input is not validated properly.  (bsc#1193562, CVE-2021-4048)

OBS-URL: https://build.opensuse.org/request/show/943553
OBS-URL: https://build.opensuse.org/package/show/science/lapack?expand=0&rev=27
---
 Fix-out-of-bounds-read.patch | 81 ++++++++++++++++++++++++++++++++++++
 lapack-man.spec              |  2 +-
 lapack.changes               |  6 +++
 lapack.spec                  |  4 +-
 4 files changed, 91 insertions(+), 2 deletions(-)
 create mode 100644 Fix-out-of-bounds-read.patch

diff --git a/Fix-out-of-bounds-read.patch b/Fix-out-of-bounds-read.patch
new file mode 100644
index 0000000..1d236e9
--- /dev/null
+++ b/Fix-out-of-bounds-read.patch
@@ -0,0 +1,81 @@
+From 0631b6beaed60ba118b0b027c0f8d35397bf5df0 Mon Sep 17 00:00:00 2001
+From: Keno Fischer <keno@juliacomputing.com>
+Date: Thu, 30 Sep 2021 03:51:23 -0400
+Subject: [PATCH] Fix out of bounds read in slarrv
+
+This was originally reported as https://github.com/JuliaLang/julia/issues/42415.
+I've tracked this down to an our of bounds read on the following line:
+
+https://github.com/Reference-LAPACK/lapack/blob/44ecb6a5ff821b1cbb39f8cc2166cb098e060b4d/SRC/slarrv.f#L423
+
+In the crashing example, `M` is `0`, causing `slarrv` to read uninitialized
+memory from the work array. I believe the `0` for `M` is correct and indeed,
+the documentation above supports that `M` may be zero:
+
+https://github.com/Reference-LAPACK/lapack/blob/44ecb6a5ff821b1cbb39f8cc2166cb098e060b4d/SRC/slarrv.f#L113-L116
+
+I believe it may be sufficient to early-out this function as suggested
+in this PR. However, I have limited context for the full routine here,
+so I would appreciate a sanity check.
+---
+ SRC/clarrv.f | 2 +-
+ SRC/dlarrv.f | 2 +-
+ SRC/slarrv.f | 2 +-
+ SRC/zlarrv.f | 2 +-
+ 4 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/SRC/clarrv.f b/SRC/clarrv.f
+index 1f09e4da6..42f710757 100644
+--- a/SRC/clarrv.f
++++ b/SRC/clarrv.f
+@@ -348,7 +348,7 @@
+ *
+ *     Quick return if possible
+ *
+-      IF( N.LE.0 ) THEN
++      IF( (N.LE.0).OR.(M.LE.0) ) THEN
+          RETURN
+       END IF
+ *
+diff --git a/SRC/dlarrv.f b/SRC/dlarrv.f
+index b036c1e66..299430361 100644
+--- a/SRC/dlarrv.f
++++ b/SRC/dlarrv.f
+@@ -350,7 +350,7 @@
+ *
+ *     Quick return if possible
+ *
+-      IF( N.LE.0 ) THEN
++      IF( (N.LE.0).OR.(M.LE.0) ) THEN
+          RETURN
+       END IF
+ *
+diff --git a/SRC/slarrv.f b/SRC/slarrv.f
+index 9d72b339a..95f94fd1b 100644
+--- a/SRC/slarrv.f
++++ b/SRC/slarrv.f
+@@ -350,7 +350,7 @@
+ *
+ *     Quick return if possible
+ *
+-      IF( N.LE.0 ) THEN
++      IF( (N.LE.0).OR.(M.LE.0) ) THEN
+          RETURN
+       END IF
+ *
+diff --git a/SRC/zlarrv.f b/SRC/zlarrv.f
+index 51ec558f5..e4be63e0d 100644
+--- a/SRC/zlarrv.f
++++ b/SRC/zlarrv.f
+@@ -348,7 +348,7 @@
+ *
+ *     Quick return if possible
+ *
+-      IF( N.LE.0 ) THEN
++      IF( (N.LE.0).OR.(M.LE.0) ) THEN
+          RETURN
+       END IF
+ *
+-- 
+2.31.1
+
diff --git a/lapack-man.spec b/lapack-man.spec
index ace9d8f..f971f52 100644
--- a/lapack-man.spec
+++ b/lapack-man.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package lapack-man
 #
-# Copyright (c) 2021 SUSE LLC
+# Copyright (c) 2022 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
diff --git a/lapack.changes b/lapack.changes
index a0e8bee..c866288 100644
--- a/lapack.changes
+++ b/lapack.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Mon Jan  3 08:34:37 UTC 2022 - Richard Biener <rguenther@suse.com>
+
+- Add Fix-out-of-bounds-read.patch to fix out of bound reads when
+  user input is not validated properly.  (bsc#1193562, CVE-2021-4048)
+
 -------------------------------------------------------------------
 Mon Jul 19 08:24:18 UTC 2021 - Ismail Dönmez <ismail@i10z.com>
 
diff --git a/lapack.spec b/lapack.spec
index c70f443..a4e7865 100644
--- a/lapack.spec
+++ b/lapack.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package lapack
 #
-# Copyright (c) 2021 SUSE LLC
+# Copyright (c) 2022 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -32,6 +32,8 @@ Patch2:         Fix-MinGW-build-error.patch
 Patch3:         Fix-some-minor-inconsistencies-in-LAPACKE_czgesvdq.patch
 # PATCH-FIX-UPSTREAM -- https://github.com/Reference-LAPACK/lapack/commit/ea2a102d3827.patch
 Patch4:         Avoid-out-of-bounds-accesses-in-complex-EIG-tests.patch
+# PATCH-FIX-UPSTREAM -- https://github.com/Reference-LAPACK/lapack/commit/38f3eeee3108b18158409ca2a100e6fe03754781
+Patch5:         Fix-out-of-bounds-read.patch
 
 BuildRequires:  gcc-fortran
 BuildRequires:  python3-base