From 0d8606ce8ed1ca1c9ce5ca3d36edfa6d423e5a2b Mon Sep 17 00:00:00 2001
From: shenzl <shenzhongli@inspur.com>
Date: Tue, 22 Apr 2025 16:46:29 +0800
Subject: [PATCH] to #12278 fix CVE-2024-31580 Project: TC2024080204

Signed-off-by: Ali <shenzhongli@inspur.com>
---
 0002-fix-cve-2024-31580.patch | 41 +++++++++++++++++++++++++++++++++++
 pytorch.spec                  |  6 ++++-
 2 files changed, 46 insertions(+), 1 deletion(-)
 create mode 100644 0002-fix-cve-2024-31580.patch

diff --git a/0002-fix-cve-2024-31580.patch b/0002-fix-cve-2024-31580.patch
new file mode 100644
index 0000000..3365c8f
--- /dev/null
+++ b/0002-fix-cve-2024-31580.patch
@@ -0,0 +1,41 @@
+From b5c3a17c2c207ebefcb85043f0cf94be9b2fef81 Mon Sep 17 00:00:00 2001
+From: Octavian Guzu <octavguzu@fb.com>
+Date: Tue, 3 Oct 2023 18:48:08 +0000
+Subject: [PATCH] [fuzzing result][fuzz_torch_jit_lite_interpreter]
+ read-heap-buffer-overflow-far-from-bounds (size 4) in c10::IValue::IValue()
+ (#110441)
+
+Summary: This diff fixes a heap underflow found by fuzzing in torch/csrc/jit/runtime/vararg_functions.cpp
+
+Test Plan:
+CI and
+```
+arc lionhead crash reproduce 1753074381791061
+```
+doesn't crash anymore.
+
+Differential Revision: D49537535
+
+Pull Request resolved: https://github.com/pytorch/pytorch/pull/110441
+Approved by: https://github.com/Skylion007
+---
+ torch/csrc/jit/runtime/vararg_functions.cpp | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/torch/csrc/jit/runtime/vararg_functions.cpp b/torch/csrc/jit/runtime/vararg_functions.cpp
+index 69e2c0fc179..bb28b61fe7e 100644
+--- a/torch/csrc/jit/runtime/vararg_functions.cpp
++++ b/torch/csrc/jit/runtime/vararg_functions.cpp
+@@ -267,6 +267,9 @@ void listUnpack(Stack& stack, size_t num_outputs) {
+ }
+ 
+ void tupleConstruct(Stack& stack, size_t num_inputs) {
++  if (num_inputs > stack.size()) {
++    TORCH_CHECK(false, "Invalid number of inputs: ", num_inputs);
++  }
+   switch (num_inputs) {
+     case 0:
+       stack.emplace_back(c10::ivalue::Tuple::create());
+-- 
+2.39.3
+
diff --git a/pytorch.spec b/pytorch.spec
index c04ea59..92c7da1 100644
--- a/pytorch.spec
+++ b/pytorch.spec
@@ -1,4 +1,4 @@
-%define anolis_release 4
+%define anolis_release 5
 
 %global vcu_maj 12
 %global vcu_min 1
@@ -18,6 +18,7 @@ License:        BSD
 URL:            https://pytorch.org
 Source0:        https://github.com/pytorch/pytorch/releases/download/v%{version}/pytorch-v%{version}.tar.gz
 Patch0:         0001-Workaround-NVCC-parse-failure-in-cast_op.patch
+Patch1:         0002-fix-cve-2024-31580.patch
 
 BuildRequires:  python3-devel cmake gcc-c++
 BuildRequires:  python3-typing-extensions python3-pyyaml python3-setuptools
@@ -136,6 +137,9 @@ end
 %{python3_sitearch}/torch/share
 
 %changelog
+* Tue Apr 22 2025 Ali <shenzhongli@inspur.com> - 2.0.1-5
+- fix CVE-2024-31580
+
 * Thu Nov 2 2023 Zhongling He <zhonglingh@linux.alibaba.com> - 2.0.1-4
 - fix NVCC parse failure in cast_op
 
-- 
Gitee