From bb29ef8de842b15e79f16ca1121a6f95caafa7b7 Mon Sep 17 00:00:00 2001
From: zhuyy <1932295311@qq.com>
Date: Mon, 7 Jul 2025 08:37:21 +0000
Subject: [PATCH] [Huawei]Addressing security issues caused by array
 out-of-bounds errors

Offering:BeiMing 25.1.0

Signed-off-by: zhuyy <1932295311@qq.com>
---
 ompi/mca/osc/ucx/osc_ucx_component.c  | 8 ++++----
 orte/mca/plm/donau/plm_donau_module.c | 9 +++++++++
 orte/mca/schizo/alps/schizo_alps.c    | 1 +
 3 files changed, 14 insertions(+), 4 deletions(-)

diff --git a/ompi/mca/osc/ucx/osc_ucx_component.c b/ompi/mca/osc/ucx/osc_ucx_component.c
index 2ac438678c..b5ce0ee251 100644
--- a/ompi/mca/osc/ucx/osc_ucx_component.c
+++ b/ompi/mca/osc/ucx/osc_ucx_component.c
@@ -239,12 +239,12 @@ static int component_finalize(void) {
     }
 
     assert(mca_osc_ucx_component.num_incomplete_req_ops == 0);
+    if (NULL != mca_osc_ucx_component.ucp_context) {
+        ucp_cleanup(mca_osc_ucx_component.ucp_context);
+        mca_osc_ucx_component.ucp_context = NULL;
+    }
     if (mca_osc_ucx_component.env_initialized == true) {
         OBJ_DESTRUCT(&mca_osc_ucx_component.requests);
-        if (NULL != mca_osc_ucx_component.ucp_context) {
-            ucp_cleanup(mca_osc_ucx_component.ucp_context);
-            mca_osc_ucx_component.ucp_context = NULL;
-        }
         mca_osc_ucx_component.env_initialized = false;
     }
 
diff --git a/orte/mca/plm/donau/plm_donau_module.c b/orte/mca/plm/donau/plm_donau_module.c
index 8ca5e7af7d..ec9ce79f37 100644
--- a/orte/mca/plm/donau/plm_donau_module.c
+++ b/orte/mca/plm/donau/plm_donau_module.c
@@ -770,6 +770,9 @@ static simp_state donau_nodelist_simp(char *node_list, char *nodelist_result) {
         }
         strcpy(node[temp_num].name, temp_s);
         temp_num++;
+        if (temp_num >= DONAU_MAX_NODELIST_LENGTH) {
+            return SIMP_OUT_OF_RESOURCE;
+        }
     }
     for (int i = 0; i < temp_num; i++) {
         node[i].len = strlen(node[i].name);
@@ -801,6 +804,9 @@ static simp_state donau_nodelist_simp(char *node_list, char *nodelist_result) {
                 }
                 strcat(nodelist_result, temp_str);
                 if (i < temp_num || i == temp_num && stack_size > 1) {
+                    if(strlen(nodelist_result) + 1 >= DONAU_MAX_NODELIST_LENGTH) {
+                        return SIMP_OUT_OF_RESOURCE;
+                    }
                     strcat(nodelist_result, ",");
                 }
                 stack_size--;
@@ -849,6 +855,9 @@ static simp_state donau_nodelist_simp(char *node_list, char *nodelist_result) {
                 }
                 strcat(nodelist_result, temp_str);
                 if (i < temp_num) {
+                    if(strlen(nodelist_result) + 1 >= DONAU_MAX_NODELIST_LENGTH) {
+                        return SIMP_OUT_OF_RESOURCE;
+                    }
                     strcat(nodelist_result, ",");
                 }
             }
diff --git a/orte/mca/schizo/alps/schizo_alps.c b/orte/mca/schizo/alps/schizo_alps.c
index 4c7db47092..3367342eab 100644
--- a/orte/mca/schizo/alps/schizo_alps.c
+++ b/orte/mca/schizo/alps/schizo_alps.c
@@ -98,6 +98,7 @@ static orte_schizo_launch_environ_t check_launch_environment(void)
                                            running on a mom node, for example) */
             opal_argv_append_nosize(&pushed_envs, OPAL_MCA_PREFIX"pmix");
             opal_argv_append_nosize(&pushed_vals, "cray");
+            fclose(fd_task_is_app);
         }
         fclose(fd);
     }
-- 
Gitee