From 68cbe32540d363a68f5d5990f391848d3b25d55a Mon Sep 17 00:00:00 2001
From: wang kun
Date: Fri, 25 Jul 2025 10:58:49 +0800
Subject: [PATCH] fix CVE-2022-45907
---
 backport-CVE-2022-45907.patch | 104 ++++++++++++++++++++++++++++++++++
 pytorch.spec | 6 +-
 2 files changed, 109 insertions(+), 1 deletion(-)
 create mode 100644 backport-CVE-2022-45907.patch
diff --git a/backport-CVE-2022-45907.patch b/backport-CVE-2022-45907.patch
new file mode 100644
index 0000000..76599b6
--- /dev/null
+++ b/backport-CVE-2022-45907.patch
@@ -0,0 +1,104 @@ +From 767f6aa49fe20a2766b9843d01e3b7f7793df6a3 Mon Sep 17 00:00:00 2001 +From: Nikita Shulga +Date: Thu, 17 Nov 2022 22:05:27 +0000 +Subject: [PATCH] [JIT][Security] Do not blindly eval input string (#89189) + +Introduce `_eval_no_call` method, that evaluates statement only if it +does not contain any calls(done by examining the bytecode), thus preventing command injection exploit + +Added simple unit test to check for that +`torch.jit.annotations.get_signature` would not result in calling random +code. + +Although, this code path exists for Python-2 compatibility, and perhaps +should be simply removed. + +Fixes https://github.com/pytorch/pytorch/issues/88868 + +Pull Request resolved: https://github.com/pytorch/pytorch/pull/89189 +Approved by: https://github.com/suo +--- + test/test_jit.py | 8 ++++++++ + torch/csrc/jit/frontend/script_type_parser.cpp | 2 +- + torch/jit/annotations.py | 14 ++++++++++++-- + 3 files changed, 21 insertions(+), 3 deletions(-) + +diff --git a/test/test_jit.py b/test/test_jit.py +index 5a9b7235..a72ce200 100644 +--- a/test/test_jit.py ++++ b/test/test_jit.py +@@ -3211,6 +3211,14 @@ def foo(x): + return a + 2 + torch.jit.script(invalid4) + ++ def test_calls_in_type_annotations(self): ++ with self.assertRaisesRegex(RuntimeError, "Type annotation should not contain calls"): ++ def spooky(a): ++ # type: print("Hello") -> Tensor # noqa: F723 ++ return a + 2 ++ print(torch.__file__) ++ torch.jit.annotations.get_signature(spooky, None, 1, True) ++ + def test_is_optional(self): + ann = Union[List[int], List[float]] + torch._jit_internal.is_optional(ann) +diff --git a/torch/csrc/jit/frontend/script_type_parser.cpp b/torch/csrc/jit/frontend/script_type_parser.cpp +index 0ecc394a..4e47016e 100644 +--- a/torch/csrc/jit/frontend/script_type_parser.cpp ++++ b/torch/csrc/jit/frontend/script_type_parser.cpp +@@ -229,7 +229,7 @@ std::vector ScriptTypeParser::evaluateDefaults( + // We then run constant prop on this graph and check the 
results are + // constant. This approach avoids having to have separate handling of + // default arguments from standard expressions by piecing together existing +- // machinery for graph generation, constant propgation, and constant ++ // machinery for graph generation, constant propagation, and constant + // extraction. + auto tuple_type = Subscript::create( + r, +diff --git a/torch/jit/annotations.py b/torch/jit/annotations.py +index 97dd39ee..7a73850d 100644 +--- a/torch/jit/annotations.py ++++ b/torch/jit/annotations.py +@@ -1,4 +1,5 @@ + import ast ++import dis + import inspect + import re + import torch +@@ -129,6 +130,15 @@ def check_fn(fn, loc): + raise torch.jit.frontend.FrontendError(loc, "Expected a single top-level function") + + ++def _eval_no_call(stmt, glob, loc): ++ """Evaluate statement as long as it does not contain any method/function calls""" ++ bytecode = compile(stmt, "", mode="eval") ++ for insn in dis.get_instructions(bytecode): ++ if "CALL" in insn.opname: ++ raise RuntimeError(f"Type annotation should not contain calls, but '{stmt}' does") ++ return eval(bytecode, glob, loc) # type: ignore[arg-type] # noqa: P204 ++ ++ + def parse_type_line(type_line, rcb, loc): + """Parses a type annotation specified as a comment. 
+ +@@ -139,7 +149,7 @@ def parse_type_line(type_line, rcb, loc): + arg_ann_str, ret_ann_str = split_type_line(type_line) + + try: +- arg_ann = eval(arg_ann_str, {}, EvalEnv(rcb)) # noqa: P204 ++ arg_ann = _eval_no_call(arg_ann_str, {}, EvalEnv(rcb)) + except (NameError, SyntaxError) as e: + raise RuntimeError("Failed to parse the argument list of a type annotation: {}".format(str(e))) + +@@ -147,7 +157,7 @@ def parse_type_line(type_line, rcb, loc): + arg_ann = (arg_ann,) + + try: +- ret_ann = eval(ret_ann_str, {}, EvalEnv(rcb)) # noqa: P204 ++ ret_ann = _eval_no_call(ret_ann_str, {}, EvalEnv(rcb)) + except (NameError, SyntaxError) as e: + raise RuntimeError("Failed to parse the return type of a type annotation: {}".format(str(e))) + +-- +2.33.0 + diff --git a/pytorch.spec b/pytorch.spec index 8ddeac8..b2f1d04 100644 --- a/pytorch.spec +++ b/pytorch.spec @@ -1,7 +1,7 @@ %global _empty_manifest_terminate_build 0 Name: pytorch Version: 1.6.0 -Release: 4 +Release: 5 Summary: Tensors and Dynamic neural networks in Python with strong GPU acceleration License: BSD-3 URL: https://pytorch.org/ @@ -10,6 +10,7 @@ Source0: pytorch-%{version}-include-submodules.tar.bz2 Patch0001: 0001-Fix-illegal-opcode-bug-in-caffe2-40584.patch Patch0002: 0002-disable-SVE-for-v1.6.0-due-to-sleef-build-error.patch +Patch0003: backport-CVE-2022-45907.patch BuildRequires: g++ Requires: python3-future @@ -87,6 +88,9 @@ mv %{buildroot}/doclist.lst . %{_docdir}/* %changelog +* Fri Jul 25 2025 wangkun - 1.6.0-5 +- fix CVE-2022-45907 + * Mon Dec 26 2022 wangdongxing - 1.6.0-4 - fixes: error: add build requires make for compile local -- Gitee
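Review bot: The backported `_eval_no_call` in the `torch/jit/annotations.py` hunk only rejects instructions whose opname contains "CALL" and then still runs `eval` on the annotation text against `EvalEnv(rcb)`, so the annotation string remains untrusted input and this guard narrows the exposure rather than sandboxing it; the upstream description itself notes the path exists for Python-2 compatibility and "perhaps should be simply removed", which is worth recording in the spec changelog or a comment at the top of the patch file so nobody reads it as a complete fix. The patch was cut against a far newer tree (blob ids `97dd39ee..7a73850d`, hunks at lines 129/139/147) than the 1.6.0 sources this spec builds, and nothing on this page shows it applying cleanly, so a `rpmbuild -bp` check (or the build log) should confirm all three files patch without fuzz. The `script_type_parser.cpp` hunk changes only a comment typo ("propgation" → "propagation") and is unrelated to the CVE; dropping it from the backport removes one rejection risk at no cost. The `test/test_jit.py` hunk also carries a leftover `print(torch.__file__)` from upstream, harmless but noise if the test suite is run during the build.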
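Review bot: `Patch0003: backport-CVE-2022-45907.patch` is registered in the header, but the `%prep` section is not part of this diff; if the spec applies patches with explicit `%patchN` lines rather than `%autosetup -p1`, a matching `%patch0003 -p1` is also required or the CVE fix is silently never applied. The `-p1` strip level matches the `a/torch/jit/annotations.py` paths inside the backport. Please confirm from the build log that the patch is actually applied before the `Release: 5` bump ships.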