File CVE-2021-33430-bufovrflw-ctors-DoS.patch of Package python2-numpy.22423
From 16f7824b4d935b6aee98298ca4123d57174a6f2e Mon Sep 17 00:00:00 2001
From: yetanothercheer <yetanothercheer@protonmail.com>
Date: Tue, 11 May 2021 14:28:37 +0800
Subject: [PATCH] BUG: fix potential buffer overflow(#18939)
---
numpy/core/src/multiarray/ctors.c | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
--- a/numpy/core/src/multiarray/ctors.c
+++ b/numpy/core/src/multiarray/ctors.c
@@ -928,6 +928,14 @@ PyArray_NewFromDescr_int(PyTypeObject *s
int i;
npy_intp nbytes;
+ if ((unsigned int)nd > (unsigned int)NPY_MAXDIMS) {
+ PyErr_Format(PyExc_ValueError,
+ "number of dimensions must be within [0, %d]",
+ NPY_MAXDIMS);
+ Py_DECREF(descr);
+ return NULL;
+ }
+
if (descr->subarray) {
PyObject *ret;
npy_intp newdims[2*NPY_MAXDIMS];
@@ -947,14 +955,6 @@ PyArray_NewFromDescr_int(PyTypeObject *s
return ret;
}
- if ((unsigned int)nd > (unsigned int)NPY_MAXDIMS) {
- PyErr_Format(PyExc_ValueError,
- "number of dimensions must be within [0, %d]",
- NPY_MAXDIMS);
- Py_DECREF(descr);
- return NULL;
- }
-
/* Check datatype element size */
nbytes = descr->elsize;
if (PyDataType_ISUNSIZED(descr)) {