From 6d5e8a7ace6a8e049f7707639d607566e9f8cedd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E6=9D=8E=E7=92=90?=
Date: Mon, 13 May 2024 11:16:11 +0800
Subject: [PATCH] fix the CVE-2024-31580 that a heap underflow found by fuzzing

---
 ...at-a-heap-underflow-found-by-fuzzing.patch | 41 +++++++++++++++++++
 pytorch.spec | 6 ++-
 2 files changed, 46 insertions(+), 1 deletion(-)
 create mode 100644 0003-Fix-the-CVE-2024-31580-that-a-heap-underflow-found-by-fuzzing.patch

diff --git a/0003-Fix-the-CVE-2024-31580-that-a-heap-underflow-found-by-fuzzing.patch b/0003-Fix-the-CVE-2024-31580-that-a-heap-underflow-found-by-fuzzing.patch
new file mode 100644
index 0000000..edb6983
--- /dev/null
+++ b/0003-Fix-the-CVE-2024-31580-that-a-heap-underflow-found-by-fuzzing.patch
@@ -0,0 +1,41 @@
+From b5c3a17c2c207ebefcb85043f0cf94be9b2fef81 Mon Sep 17 00:00:00 2001
+From: Octavian Guzu
+Date: Tue, 3 Oct 2023 18:48:08 +0000
+Subject: [PATCH] [fuzzing result][fuzz_torch_jit_lite_interpreter]
+ read-heap-buffer-overflow-far-from-bounds (size 4) in c10::IValue::IValue()
+ (#110441)
+
+Summary: This diff fixes a heap underflow found by fuzzing in torch/csrc/jit/runtime/vararg_functions.cpp
+
+Test Plan:
+CI and
+```
+arc lionhead crash reproduce 1753074381791061
+```
+doesn't crash anymore.
+
+Differential Revision: D49537535
+
+Pull Request resolved: https://github.com/pytorch/pytorch/pull/110441
+Approved by: https://github.com/Skylion007
+---
+ torch/csrc/jit/runtime/vararg_functions.cpp | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/torch/csrc/jit/runtime/vararg_functions.cpp b/torch/csrc/jit/runtime/vararg_functions.cpp
+index 69e2c0fc17..bb28b61fe7 100644
+--- a/torch/csrc/jit/runtime/vararg_functions.cpp
++++ b/torch/csrc/jit/runtime/vararg_functions.cpp
+@@ -267,6 +267,9 @@ void listUnpack(Stack& stack, size_t num_outputs) {
+ }
+ 
+ void tupleConstruct(Stack& stack, size_t num_inputs) {
++ if (num_inputs > stack.size()) {
++ TORCH_CHECK(false, "Invalid number of inputs: ", num_inputs);
++ }
+ switch (num_inputs) {
+ case 0:
+ stack.emplace_back(c10::ivalue::Tuple::create());
+-- 
+2.27.0
+
diff --git a/pytorch.spec b/pytorch.spec
index 8ddeac8..5b98eae 100644
--- a/pytorch.spec
+++ b/pytorch.spec
@@ -1,7 +1,7 @@
 %global _empty_manifest_terminate_build 0
 Name: pytorch
 Version: 1.6.0
-Release: 4
+Release: 5
 Summary: Tensors and Dynamic neural networks in Python with strong GPU acceleration
 License: BSD-3
 URL: https://pytorch.org/
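Review bot: The added guard in tupleConstruct is the right fail-closed check, but the patch was cut from the 2023 upstream tree and its context lines (the listUnpack signature, `c10::ivalue::Tuple::create()`) may not match 1.6.0's vararg_functions.cpp exactly; confirm in the build log that the hunk lands inside tupleConstruct rather than being applied with an offset or rejected. As a point of style the three added lines collapse to one, `TORCH_CHECK(num_inputs <= stack.size(), "Invalid number of inputs: ", num_inputs);`, though keeping the backport byte-identical to upstream b5c3a17c is also defensible. tupleConstruct's body continues past the hunk, so the cases that actually read from the stack are not visible here.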
@@ -10,6 +10,7 @@ Source0: pytorch-%{version}-include-submodules.tar.bz2
 Patch0001: 0001-Fix-illegal-opcode-bug-in-caffe2-40584.patch
 Patch0002: 0002-disable-SVE-for-v1.6.0-due-to-sleef-build-error.patch
+Patch0003: 0003-Fix-the-CVE-2024-31580-that-a-heap-underflow-found-by-fuzzing.patch
 BuildRequires: g++
 Requires: python3-future
@@ -87,6 +88,9 @@ mv %{buildroot}/doclist.lst .
 %{_docdir}/*
 %changelog
+* Mon May 13 2024 lilu - 1.6.0-5
+- fix the CVE-2024-31580 that a heap underflow found by fuzzing
+
 * Mon Dec 26 2022 wangdongxing - 1.6.0-4
 - fixes: error: add build requires make for compile local
-- Gitee
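Review bot: Declaring `Patch0003:` only registers the file as a source; whether it is actually applied depends on the %prep section, which is outside this diff. If %prep applies patches individually (`%patch0001 -p1`, `%patch0002 -p1`) rather than with `%autosetup -p1`, a matching `%patch0003 -p1` line is needed, otherwise the build still succeeds and the CVE-2024-31580 fix is silently absent from the package. The changelog entry in the following hunk would then claim a fix the binary does not contain, so the %prep check is worth making before release.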