From fe6f74d9c4464cc5fcc24768cbaa934582439564 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E6=9D=8E=E7=92=90?=
Date: Fri, 19 Apr 2024 17:13:55 +0800
Subject: [PATCH] Fix the CVE-2024-31580 and CVE-2024-31583

---
 ...he-CVE-2024-31580-and-CVE-2024-31583.patch | 42 +++++++++++++++++++
 pytorch.spec | 7 +++-
 2 files changed, 48 insertions(+), 1 deletion(-)
 create mode 100644 0001-Fix-the-CVE-2024-31580-and-CVE-2024-31583.patch

diff --git a/0001-Fix-the-CVE-2024-31580-and-CVE-2024-31583.patch b/0001-Fix-the-CVE-2024-31580-and-CVE-2024-31583.patch
new file mode 100644
index 0000000..8c91d0f
--- /dev/null
+++ b/0001-Fix-the-CVE-2024-31580-and-CVE-2024-31583.patch
@@ -0,0 +1,42 @@
+From bade6718de6468fca75398e0df53886adf94df11 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?=E6=9D=8E=E7=92=90?=
+Date: Fri, 19 Apr 2024 17:12:32 +0800
+Subject: [PATCH] Fix the CVE-2024-31580 and CVE-2024-31583
+
+---
+ pytorch-v2.0.1/torch/csrc/jit/mobile/interpreter.cpp | 4 ++++
+ pytorch-v2.0.1/torch/csrc/jit/runtime/vararg_functions.cpp | 3 +++
+ 2 files changed, 7 insertions(+)
+
+diff --git a/pytorch-v2.0.1/torch/csrc/jit/mobile/interpreter.cpp b/pytorch-v2.0.1/torch/csrc/jit/mobile/interpreter.cpp
+index d19ee838f..dcd51c3fb 100644
+--- a/pytorch-v2.0.1/torch/csrc/jit/mobile/interpreter.cpp
++++ b/pytorch-v2.0.1/torch/csrc/jit/mobile/interpreter.cpp
+@@ -129,6 +129,10 @@ bool InterpreterState::run(Stack& stack) {
+ }
+ }
+
++ if (inst.X < 0 ||
++ static_cast(inst.X) >= code.operators_.size()) {
++ throw JITException("Invalid OP Instruction");
++ }
+ RECORD_EDGE_SCOPE_WITH_DEBUG_HANDLE_AND_INPUTS(
+ code.op_names_[inst.X].name, debug_handle, stack);
+ code.operators_[inst.X](stack);
+diff --git a/pytorch-v2.0.1/torch/csrc/jit/runtime/vararg_functions.cpp b/pytorch-v2.0.1/torch/csrc/jit/runtime/vararg_functions.cpp
+index 0afaa6b2a..aa8329537 100644
+--- a/pytorch-v2.0.1/torch/csrc/jit/runtime/vararg_functions.cpp
++++ b/pytorch-v2.0.1/torch/csrc/jit/runtime/vararg_functions.cpp
+@@ -270,6 +270,9 @@ void listUnpack(Stack& stack, size_t num_outputs) {
+ }
+
+ void tupleConstruct(Stack& stack, size_t num_inputs) {
++ if (num_inputs > stack.size()) {
++ TORCH_CHECK(false, "Invalid number of inputs: ", num_inputs);
++ }
+ switch (num_inputs) {
+ case 0:
+ stack.emplace_back(c10::ivalue::Tuple::create());
+--
+2.27.0
+
diff --git a/pytorch.spec b/pytorch.spec
index ba23d65..638fd19 100644
--- a/pytorch.spec
+++ b/pytorch.spec
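Review bot: The bounds check added to `InterpreterState::run` reads `static_cast(inst.X) >= code.operators_.size()` with no template argument, which is not valid C++ and would break the build if the committed .patch file really contains it; upstream's version of this check is `static_cast<size_t>(inst.X) >= code.operators_.size()`, so confirm the angle brackets were lost only in this rendering and not in the file on disk. The check is taken against `code.operators_`, but the macro line right after it also indexes `code.op_names_[inst.X]`, so the guard is only sufficient if the two vectors are kept the same length; a comment such as `// op_names_ and operators_ are parallel, so one bound covers both` would make that assumption visible to the next maintainer. The `TORCH_CHECK` added to `tupleConstruct` rejects `num_inputs > stack.size()` before any element is popped, which is the right place for it. Both patched functions begin and end outside the hunk.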
@@ -1,12 +1,14 @@ %global _empty_manifest_terminate_build 0 Name: pytorch Version: 2.0.1 -Release: 2 +Release: 3 Summary: Tensors and Dynamic neural networks in Python with strong GPU acceleration License: BSD-3 URL: https://pytorch.org/ Source0: https://github.com/pytorch/pytorch/releases/download/v%{version}/pytorch-v%{version}.tar.gz +Patch0001: 0001-Fix-the-CVE-2024-31580-and-CVE-2024-31583.patch + BuildRequires: g++ Requires: python3-future Requires: python3-numpy @@ -85,6 +87,9 @@ mv %{buildroot}/doclist.lst . %{_docdir}/* %changelog +* Fri Apr 19 2024 lilu - 2.0.1-3 +- Fix the CVE-2024-31580 and CVE-2024-31583 + * Thu Aug 17 2023 Dongxing Wang - 2.0.1-2 - Fix the EulerMaker failure for verion 2.0.1 -- Gitee
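Review bot: `Patch0001:` is declared but nothing in this hunk applies it; unless the `%prep` section, which is outside the hunk, uses `%autosetup -p1`/`%autopatch` or an explicit `%patch0001`, the release bump to `2.0.1-3` ships the same vulnerable code. The patch's paths also carry a `pytorch-v2.0.1/` prefix (`a/pytorch-v2.0.1/torch/csrc/...`), so the strip level has to match where `%prep` runs it: `-p1` from the unpacked tree expects a nested `pytorch-v2.0.1` directory, while applying from inside `pytorch-v%{version}` would need `-p2`. Worth checking in a build log that both hunks of the patch report as applied.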