Projects
home:Eustace:branches:Eulaceura:Factory
libxsmm
_service:obs_scm:CVE-2021-39535_CVE-2021-39536....
Sign Up
Log In
Username
Password
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _service:obs_scm:CVE-2021-39535_CVE-2021-39536.patch of Package libxsmm
From 3f417e5e0670b066d558052fd32fc8093c81ee94 Mon Sep 17 00:00:00 2001 From: Hans Pabst <hans.pabst@intel.com> Date: Fri, 1 Oct 2021 10:22:57 +0200 Subject: [PATCH] Issue 513: merge fixes from master/main. --- src/generator_spgemm_csc_bsparse.c | 2 +- src/generator_spgemm_csc_reader.c | 52 +++++++++++++++--------------- src/generator_spgemm_csc_reader.h | 4 +-- src/generator_spgemm_csr_asparse.c | 2 +- src/generator_spgemm_csr_reader.c | 52 +++++++++++++++--------------- src/generator_spgemm_csr_reader.h | 4 +-- 6 files changed, 58 insertions(+), 58 deletions(-) diff --git a/src/generator_spgemm_csc_bsparse.c b/src/generator_spgemm_csc_bsparse.c index 18e0fd4e7d..0ffa6bb0ae 100644 --- a/src/generator_spgemm_csc_bsparse.c +++ b/src/generator_spgemm_csc_bsparse.c @@ -133,7 +133,7 @@ void libxsmm_generator_spgemm_csc_bsparse( libxsmm_generated_code* io_ge return; } - /* generate the actuel kernel */ + /* generate the actual kernel */ l_code_length = LIBXSMM_SNPRINTF(l_new_code, l_max_code_length, " for ( l_m = 0; l_m < %u; l_m++) {\n", (unsigned int)i_xgemm_desc->m); libxsmm_append_code_as_string( io_generated_code, l_new_code, l_code_length ); diff --git a/src/generator_spgemm_csc_reader.c b/src/generator_spgemm_csc_reader.c index b7cc2aa2bd..50480e93a6 100644 --- a/src/generator_spgemm_csc_reader.c +++ b/src/generator_spgemm_csc_reader.c @@ -56,8 +56,8 @@ void libxsmm_sparse_csc_reader( libxsmm_generated_code* io_generated_code, unsigned int** o_row_idx, unsigned int** o_column_idx, double** o_values, - unsigned int* o_row_count, - unsigned int* o_column_count, + unsigned int* io_row_count, + unsigned int* io_column_count, unsigned int* o_element_count ) { FILE *l_csc_file_handle; const unsigned int l_line_length = 512; @@ -75,7 +75,8 @@ void libxsmm_sparse_csc_reader( libxsmm_generated_code* io_generated_code, while (fgets(l_line, l_line_length, l_csc_file_handle) != NULL) { if ( strlen(l_line) == l_line_length ) { free(*o_row_idx); free(*o_column_idx); free(*o_values); free(l_column_idx_id); - *o_row_idx = 0; *o_column_idx = 0; *o_values = 0; + *io_row_count = *io_column_count = *o_element_count = 0; + *o_row_idx = *o_column_idx = NULL; *o_values = NULL; fclose( l_csc_file_handle ); /* close mtx file */ LIBXSMM_HANDLE_ERROR( io_generated_code, LIBXSMM_ERR_CSC_READ_LEN ); return; @@ -86,18 +87,21 @@ void libxsmm_sparse_csc_reader( libxsmm_generated_code* io_generated_code, } else { /* if we are the first line after comment header, we allocate our data structures */ if ( l_header_read == 0 ) { - if (3 == sscanf(l_line, "%u %u %u", o_row_count, o_column_count, o_element_count) && - 0 != *o_row_count && 0 != *o_column_count && 0 != *o_element_count) + unsigned int row_count, column_count; + if (3 == sscanf(l_line, "%u %u %u", &row_count, &column_count, o_element_count) && + 0 != row_count && 0 != column_count && 0 != *o_element_count) { - /* allocate CSC data structure matching mtx file */ + *io_column_count = LIBXSMM_MAX(*io_column_count, column_count); + *io_row_count = LIBXSMM_MAX(*io_row_count, row_count); + /* allocate CSC data structure matching mtx file, and set everything to zero for init */ /* coverity[tainted_data] */ - *o_row_idx = (unsigned int*) malloc(sizeof(unsigned int) * (*o_element_count)); + *o_row_idx = (unsigned int*)calloc(*o_element_count, sizeof(unsigned int)); /* coverity[tainted_data] */ - *o_column_idx = (unsigned int*) malloc(sizeof(unsigned int) * ((size_t)(*o_column_count) + 1)); + *o_column_idx = (unsigned int*)calloc((size_t)*io_column_count + 1, sizeof(unsigned int)); /* coverity[tainted_data] */ - *o_values = (double*) malloc(sizeof(double) * (*o_element_count)); + *o_values = (double*)calloc(*o_element_count, sizeof(double)); /* coverity[tainted_data] */ - l_column_idx_id = (unsigned int*) malloc(sizeof(unsigned int) * (*o_column_count)); + l_column_idx_id = (unsigned int*)calloc(*io_column_count, sizeof(unsigned int)); /* check if mallocs were successful */ if ( ( *o_row_idx == NULL ) || @@ -105,25 +109,16 @@ void libxsmm_sparse_csc_reader( libxsmm_generated_code* io_generated_code, ( *o_values == NULL ) || ( l_column_idx_id == NULL ) ) { free(*o_row_idx); free(*o_column_idx); free(*o_values); free(l_column_idx_id); - *o_row_idx = 0; *o_column_idx = 0; *o_values = 0; + *io_row_count = *io_column_count = *o_element_count = 0; + *o_row_idx = *o_column_idx = NULL; *o_values = NULL; fclose(l_csc_file_handle); /* close mtx file */ LIBXSMM_HANDLE_ERROR( io_generated_code, LIBXSMM_ERR_CSC_ALLOC_DATA ); return; } - /* set everything to zero for init */ - /* coverity[tainted_data] */ - memset(*o_row_idx, 0, sizeof(unsigned int) * (*o_element_count)); - /* coverity[tainted_data] */ - memset(*o_column_idx, 0, sizeof(unsigned int) * ((size_t)(*o_column_count) + 1)); - /* coverity[tainted_data] */ - memset(*o_values, 0, sizeof(double) * (*o_element_count)); - /* coverity[tainted_data] */ - memset(l_column_idx_id, 0, sizeof(unsigned int) * (*o_column_count)); - /* init column idx */ /* coverity[tainted_data] */ - for (l_i = 0; l_i <= *o_column_count; ++l_i) { + for (l_i = 0; l_i <= *io_column_count; ++l_i) { (*o_column_idx)[l_i] = *o_element_count; } /* init */ @@ -140,9 +135,13 @@ void libxsmm_sparse_csc_reader( libxsmm_generated_code* io_generated_code, unsigned int l_row = 0, l_column = 0; double l_value = 0; /* read a line of content */ - if ( sscanf(l_line, "%u %u %lf", &l_row, &l_column, &l_value) != 3 ) { + if ( sscanf(l_line, "%u %u %lf", &l_row, &l_column, &l_value) != 3 + || l_row > *io_row_count || l_column > *io_column_count + || l_i >= *o_element_count ) + { free(*o_row_idx); free(*o_column_idx); free(*o_values); free(l_column_idx_id); - *o_row_idx = 0; *o_column_idx = 0; *o_values = 0; + *io_row_count = *io_column_count = *o_element_count = 0; + *o_row_idx = *o_column_idx = NULL; *o_values = NULL; fclose(l_csc_file_handle); /* close mtx file */ LIBXSMM_HANDLE_ERROR( io_generated_code, LIBXSMM_ERR_CSC_READ_ELEMS ); return; @@ -168,14 +167,15 @@ void libxsmm_sparse_csc_reader( libxsmm_generated_code* io_generated_code, /* check if we read a file which was consistent */ if ( l_i != (*o_element_count) ) { free(*o_row_idx); free(*o_column_idx); free(*o_values); free(l_column_idx_id); - *o_row_idx = 0; *o_column_idx = 0; *o_values = 0; + *io_row_count = *io_column_count = *o_element_count = 0; + *o_row_idx = *o_column_idx = NULL; *o_values = NULL; LIBXSMM_HANDLE_ERROR( io_generated_code, LIBXSMM_ERR_CSC_LEN ); return; } if ( l_column_idx_id != NULL ) { /* let's handle empty columns */ - for ( l_i = 0; l_i < (*o_column_count); l_i++) { + for ( l_i = 0; l_i < (*io_column_count); l_i++) { if ( l_column_idx_id[l_i] == 0 ) { (*o_column_idx)[l_i+1] = (*o_column_idx)[l_i]; } diff --git a/src/generator_spgemm_csc_reader.h b/src/generator_spgemm_csc_reader.h index ff207a6752..896766bd91 100644 --- a/src/generator_spgemm_csc_reader.h +++ b/src/generator_spgemm_csc_reader.h @@ -21,8 +21,8 @@ void libxsmm_sparse_csc_reader( libxsmm_generated_code* io_generated_code, unsigned int** o_row_idx, unsigned int** o_column_idx, double** o_values, - unsigned int* o_row_count, - unsigned int* o_column_count, + unsigned int* io_row_count, + unsigned int* io_column_count, unsigned int* o_element_count ); #endif /* GENERATOR_SPGEMM_CSC_READER_H */ diff --git a/src/generator_spgemm_csr_asparse.c b/src/generator_spgemm_csr_asparse.c index d1d7f0f8db..9d3a2aebde 100644 --- a/src/generator_spgemm_csr_asparse.c +++ b/src/generator_spgemm_csr_asparse.c @@ -95,7 +95,7 @@ void libxsmm_generator_spgemm_csr_asparse( libxsmm_generated_code* io_ge libxsmm_append_code_as_string( io_generated_code, l_new_code, l_code_length ); } - /* generate the actuel kernel */ + /* generate the actual kernel */ l_code_length = LIBXSMM_SNPRINTF(l_new_code, l_max_code_length, " for ( l_n = 0; l_n < %u; l_n++) {\n", (unsigned int)i_xgemm_desc->n); libxsmm_append_code_as_string( io_generated_code, l_new_code, l_code_length ); diff --git a/src/generator_spgemm_csr_reader.c b/src/generator_spgemm_csr_reader.c index c25da7f2d9..e580313a8d 100644 --- a/src/generator_spgemm_csr_reader.c +++ b/src/generator_spgemm_csr_reader.c @@ -17,8 +17,8 @@ void libxsmm_sparse_csr_reader( libxsmm_generated_code* io_generated_code, unsigned int** o_row_idx, unsigned int** o_column_idx, double** o_values, - unsigned int* o_row_count, - unsigned int* o_column_count, + unsigned int* io_row_count, + unsigned int* io_column_count, unsigned int* o_element_count ) { FILE *l_csr_file_handle; const unsigned int l_line_length = 512; @@ -36,7 +36,8 @@ void libxsmm_sparse_csr_reader( libxsmm_generated_code* io_generated_code, while (fgets(l_line, l_line_length, l_csr_file_handle) != NULL) { if ( strlen(l_line) == l_line_length ) { free(*o_row_idx); free(*o_column_idx); free(*o_values); free(l_row_idx_id); - *o_row_idx = 0; *o_column_idx = 0; *o_values = 0; + *io_row_count = *io_column_count = *o_element_count = 0; + *o_row_idx = *o_column_idx = NULL; *o_values = NULL; fclose(l_csr_file_handle); /* close mtx file */ LIBXSMM_HANDLE_ERROR( io_generated_code, LIBXSMM_ERR_CSR_READ_LEN ); return; @@ -47,18 +48,21 @@ void libxsmm_sparse_csr_reader( libxsmm_generated_code* io_generated_code, } else { /* if we are the first line after comment header, we allocate our data structures */ if ( l_header_read == 0 ) { - if (3 == sscanf(l_line, "%u %u %u", o_row_count, o_column_count, o_element_count) && - 0 != *o_row_count && 0 != *o_column_count && 0 != *o_element_count) + unsigned int row_count, column_count; + if (3 == sscanf(l_line, "%u %u %u", &row_count, &column_count, o_element_count) && + 0 != row_count && 0 != column_count && 0 != *o_element_count) { - /* allocate CSC data-structure matching mtx file */ + *io_column_count = LIBXSMM_MAX(*io_column_count, column_count); + *io_row_count = LIBXSMM_MAX(*io_row_count, row_count); + /* allocate CSC data-structure matching mtx file, and set everything to zero for init */ /* coverity[tainted_data] */ - *o_column_idx = (unsigned int*) malloc(sizeof(unsigned int) * (*o_element_count)); + *o_column_idx = (unsigned int*)calloc(*o_element_count, sizeof(unsigned int)); /* coverity[tainted_data] */ - *o_row_idx = (unsigned int*) malloc(sizeof(unsigned int) * ((size_t)(*o_row_count) + 1)); + *o_row_idx = (unsigned int*)calloc((size_t)*io_row_count + 1, sizeof(unsigned int)); /* coverity[tainted_data] */ - *o_values = (double*) malloc(sizeof(double) * (*o_element_count)); + *o_values = (double*)calloc(*o_element_count, sizeof(double)); /* coverity[tainted_data] */ - l_row_idx_id = (unsigned int*) malloc(sizeof(unsigned int) * (*o_row_count)); + l_row_idx_id = (unsigned int*)calloc(*io_row_count, sizeof(unsigned int)); /* check if mallocs were successful */ if ( ( *o_row_idx == NULL ) || @@ -66,25 +70,16 @@ void libxsmm_sparse_csr_reader( libxsmm_generated_code* io_generated_code, ( *o_values == NULL ) || ( l_row_idx_id == NULL ) ) { free(*o_row_idx); free(*o_column_idx); free(*o_values); free(l_row_idx_id); - *o_row_idx = 0; *o_column_idx = 0; *o_values = 0; + *io_row_count = *io_column_count = *o_element_count = 0; + *o_row_idx = *o_column_idx = NULL; *o_values = NULL; fclose(l_csr_file_handle); /* close mtx file */ LIBXSMM_HANDLE_ERROR( io_generated_code, LIBXSMM_ERR_CSC_ALLOC_DATA ); return; } - /* set everything to zero for init */ - /* coverity[tainted_data] */ - memset(*o_row_idx, 0, sizeof(unsigned int) * ((size_t)(*o_row_count) + 1)); - /* coverity[tainted_data] */ - memset(*o_column_idx, 0, sizeof(unsigned int) * (*o_element_count)); - /* coverity[tainted_data] */ - memset(*o_values, 0, sizeof(double) * (*o_element_count)); - /* coverity[tainted_data] */ - memset(l_row_idx_id, 0, sizeof(unsigned int) * (*o_row_count)); - /* init column idx */ /* coverity[tainted_data] */ - for ( l_i = 0; l_i <= *o_row_count; ++l_i ) + for ( l_i = 0; l_i <= *io_row_count; ++l_i ) (*o_row_idx)[l_i] = (*o_element_count); /* init */ @@ -101,9 +96,13 @@ void libxsmm_sparse_csr_reader( libxsmm_generated_code* io_generated_code, unsigned int l_row = 0, l_column = 0; double l_value = 0; /* read a line of content */ - if ( sscanf(l_line, "%u %u %lf", &l_row, &l_column, &l_value) != 3 ) { + if ( sscanf(l_line, "%u %u %lf", &l_row, &l_column, &l_value) != 3 + || l_row > * io_row_count || l_column > * io_column_count + || l_i >= * o_element_count ) + { free(*o_row_idx); free(*o_column_idx); free(*o_values); free(l_row_idx_id); - *o_row_idx = 0; *o_column_idx = 0; *o_values = 0; + *io_row_count = *io_column_count = *o_element_count = 0; + *o_row_idx = *o_column_idx = NULL; *o_values = NULL; fclose(l_csr_file_handle); /* close mtx file */ LIBXSMM_HANDLE_ERROR( io_generated_code, LIBXSMM_ERR_CSR_READ_ELEMS ); return; @@ -129,14 +128,15 @@ void libxsmm_sparse_csr_reader( libxsmm_generated_code* io_generated_code, /* check if we read a file which was consistent */ if ( l_i != (*o_element_count) ) { free(*o_row_idx); free(*o_column_idx); free(*o_values); free(l_row_idx_id); - *o_row_idx = 0; *o_column_idx = 0; *o_values = 0; + *io_row_count = *io_column_count = *o_element_count = 0; + *o_row_idx = *o_column_idx = NULL; *o_values = NULL; LIBXSMM_HANDLE_ERROR( io_generated_code, LIBXSMM_ERR_CSR_LEN ); return; } if ( l_row_idx_id != NULL ) { /* let's handle empty rows */ - for ( l_i = 0; l_i < (*o_row_count); l_i++) { + for ( l_i = 0; l_i < (*io_row_count); l_i++) { if ( l_row_idx_id[l_i] == 0 ) { (*o_row_idx)[l_i+1] = (*o_row_idx)[l_i]; } diff --git a/src/generator_spgemm_csr_reader.h b/src/generator_spgemm_csr_reader.h index a282870ff7..1e852a77ae 100644 --- a/src/generator_spgemm_csr_reader.h +++ b/src/generator_spgemm_csr_reader.h @@ -21,8 +21,8 @@ void libxsmm_sparse_csr_reader( libxsmm_generated_code* io_generated_code, unsigned int** o_row_idx, unsigned int** o_column_idx, double** o_values, - unsigned int* o_row_count, - unsigned int* o_column_count, + unsigned int* io_row_count, + unsigned int* io_column_count, unsigned int* o_element_count ); #endif /* GENERATOR_SPGEMM_CSR_READER_H */
Locations
Projects
Search
Status Monitor
Help
Open Build Service
OBS Manuals
API Documentation
OBS Portal
Reporting a Bug
Contact
Mailing List
Forums
Chat (IRC)
Twitter
Open Build Service (OBS)
is an
openSUSE project
.
浙ICP备2022010568号-2