From a66bf56884d6ed7f6061cd55611975be88e998f0 Mon Sep 17 00:00:00 2001
From: yangjinlin01
Date: Fri, 11 Apr 2025 23:30:12 +0800
Subject: [PATCH] [CVE] FIX CVE-2024-27319 to #20357 add patch to fix CVE-2024-27319 Project: TC2024080204
Signed-off-by: yangjinlin01
---
...s-read-due-to-lack-of-string-termina.patch | 53 +++++++++++++++++++
onnx.spec | 7 ++-
2 files changed, 59 insertions(+), 1 deletion(-)
create mode 100644 0001-Fix-Out-of-bounds-read-due-to-lack-of-string-termina.patch
diff --git a/0001-Fix-Out-of-bounds-read-due-to-lack-of-string-termina.patch b/0001-Fix-Out-of-bounds-read-due-to-lack-of-string-termina.patch
new file mode 100644
index 0000000..27a48de
--- /dev/null
+++ b/0001-Fix-Out-of-bounds-read-due-to-lack-of-string-termina.patch
@@ -0,0 +1,53 @@
+From 08a399ba75a805b7813ab8936b91d0e274b08287 Mon Sep 17 00:00:00 2001
+From: liqun Fu
+Date: Fri, 9 Feb 2024 14:45:49 -0800
+Subject: [PATCH] Fix Out of bounds read due to lack of string termination in
+ assert (#5918)
+
+Signed-off-by: liqunfu
+Co-authored-by: G. Ramalingam
+---
+ onnx/common/assertions.cc | 15 ++++++++++-----
+ 1 file changed, 10 insertions(+), 5 deletions(-)
+
+diff --git a/onnx/common/assertions.cc b/onnx/common/assertions.cc
+index 29c07ba0..7675c453 100644
+--- a/onnx/common/assertions.cc
++++ b/onnx/common/assertions.cc
+@@ -9,6 +9,7 @@
+
+ #include "onnx/common/assertions.h"
+
++#include
+ #include
+ #include
+
+@@ -17,16 +18,20 @@
+ namespace ONNX_NAMESPACE {
+
+ std::string barf(const char* fmt, ...) {
+- char msg[2048];
++ constexpr size_t buffer_size = 2048;
++ std::array msg{};
+ va_list args;
+
+ va_start(args, fmt);
+- // Although vsnprintf might have vulnerability issue while using format string with overflowed length,
+- // it should be safe here to use fixed length for buffer "msg". No further checking is needed.
+- vsnprintf(msg, 2048, fmt, args);
++
++ // use fixed length for buffer "msg" to avoid buffer overflow
++ vsnprintf(static_cast(msg.data()), msg.size() - 1, fmt, args);
++
++ // ensure null-terminated string to avoid out of bounds read
++ msg.back() = '\0';
+ va_end(args);
+
+- return std::string(msg);
++ return std::string(msg.data());
+ }
+
+ void throw_assert_error(std::string& msg) {
+--
+2.39.3
+
diff --git a/onnx.spec b/onnx.spec
index e0f1cf8..bd9af7c 100644
--- a/onnx.spec
+++ b/onnx.spec
@@ -1,4 +1,4 @@ -%define anolis_release 1 +%define anolis_release 2 %global protobuf_ver 3.20.2 Name: onnx 
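Review bot: The return value of `vsnprintf` in the patched `barf` (the `@@ -17,16 +18,20 @@` hunk of onnx/common/assertions.cc carried by the new patch file) is still discarded, so an encoding error or a message cut off at the 2048-byte buffer passes silently into the assertion text. Capturing it, e.g. `const int n = vsnprintf(msg.data(), msg.size(), fmt, args);` followed by `if (n < 0) msg[0] = '\0';`, gives a defined result on failure and lets a truncated message be marked as such. A conforming `vsnprintf` already writes the terminator inside the size it is given, so `msg.size() - 1` together with `msg.back() = '\0'` is defence in depth that costs one byte rather than a second fix; a short comment saying so would stop a later cleanup from removing it on a platform where it matters. The `static_cast` around `msg.data()` looks redundant, though the page has lost the text inside angle brackets, so confirm against the upstream commit.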
@@ -9,6 +9,7 @@ License: Apache URL: https://github.com/onnx/onnx Source0: https://github.com/onnx/onnx/archive/refs/tags/v%{version}.tar.gz#/%{name}-%{version}.tar.gz +Patch0001: 0001-Fix-Out-of-bounds-read-due-to-lack-of-string-termina.patch BuildRequires: doxygen cmake gcc-c++ BuildRequires: python3-devel python3-setuptools @@ -39,6 +40,7 @@ This package contains python files for onnx. %prep %setup -q +%patch0001 -p1 # external libraries rm -rf third_party/benchmark rm -rf third_party/pybind11 @@ -104,6 +106,9 @@ sed -i -e 's|/lib/|/%{_lib}/|g' %{buildroot}/%{_libdir}/cmake/ONNX/ONNXTargets-* %changelog +* Fri Apr 11 2025 yangjinlin01 - 1.15.0-2 +- fix CVE-2024-27319 + * Mon May 06 2024 Chunmei Xu - 1.15.0-1 - update to 1.15.0 to fix CVE-2024-27318 -- Gitee