python3-numpy: fix CVE-2021-41496

Backport patch [1] to fix CVE-2021-41496.

[1] https://github.com/numpy/numpy/commit/271010f1037150e95017f803f4214b8861e528f2

(From OE-Core rev: 9a69897f464432e0b6ef9b8ad5d8110d78a1162a)

Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

2 files changed, 65 insertions, 0 deletions

diff --git a/meta/recipes-devtools/python-numpy/files/CVE-2021-41496.patch b/meta/recipes-devtools/python-numpy/files/CVE-2021-41496.patch
new file mode 100644
index 0000000000..0afc79ae0d
--- /dev/null
+++ b/meta/recipes-devtools/python-numpy/files/CVE-2021-41496.patch
@@ -0,0 +1,64 @@
+From 86d81322c5c0ab67f89d64f56f6e77d4fe185910 Mon Sep 17 00:00:00 2001
+From: Warren Weckesser <warren.weckesser@gmail.com>
+Date: Tue, 29 Mar 2022 15:58:00 +0800
+Subject: [PATCH] BUG: f2py: Simplify creation of an exception message. Closes
+ gh-19000.
+
+CVE: CVE-2021-41496
+
+Upstream-Status: Backport [https://github.com/numpy/numpy/commit/271010f1037150e95017f803f4214b8861e528f2]
+
+Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
+---
+ numpy/f2py/src/fortranobject.c | 26 ++++++++++++--------------
+ 1 file changed, 12 insertions(+), 14 deletions(-)
+
+diff --git a/numpy/f2py/src/fortranobject.c b/numpy/f2py/src/fortranobject.c
+index 3275f90..85c9c7f 100644
+--- a/numpy/f2py/src/fortranobject.c
++++ b/numpy/f2py/src/fortranobject.c
+@@ -637,14 +637,14 @@ static int check_and_fix_dimensions(const PyArrayObject* arr,
+                                     npy_intp *dims);
+ 
+ static int
+-count_negative_dimensions(const int rank,
++find_first_negative_dimension(const int rank,
+                           const npy_intp *dims) {
+-    int i=0,r=0;
+-    while (i<rank) {
+-        if (dims[i] < 0) ++r;
+-        ++i;
++    for (int i = 0; i < rank; ++i) {
++        if (dims[i] < 0) {
++            return i;
++        }
+     }
+-    return r;
++    return -1;
+ }
+ 
+ #ifdef DEBUG_COPY_ND_ARRAY
+@@ -721,14 +721,12 @@ PyArrayObject* array_from_pyobj(const int type_num,
+         || ((intent & F2PY_OPTIONAL) && (obj==Py_None))
+         ) {
+         /* intent(cache), optional, intent(hide) */
+-        if (count_negative_dimensions(rank,dims) > 0) {
+-            int i;
+-            strcpy(mess, "failed to create intent(cache|hide)|optional array"
+-                   "-- must have defined dimensions but got (");
+-            for(i=0;i<rank;++i)
+-                sprintf(mess+strlen(mess),"%" NPY_INTP_FMT ",",dims[i]);
+-            strcat(mess, ")");
+-            PyErr_SetString(PyExc_ValueError,mess);
++        int i = find_first_negative_dimension(rank, dims);
++        if (i >= 0) {
++            PyErr_Format(PyExc_ValueError,
++                         "failed to create intent(cache|hide)|optional array"
++                         " -- must have defined dimensions, but dims[%d] = %"
++                         NPY_INTP_FMT, i, dims[i]);
+             return NULL;
+         }
+         arr = (PyArrayObject *)
+-- 
+2.25.1
+
diff --git a/meta/recipes-devtools/python-numpy/python3-numpy_1.20.1.bb b/meta/recipes-devtools/python-numpy/python3-numpy_1.20.1.bb
index 6c3b886782..9e55e74d2c 100644
--- a/meta/recipes-devtools/python-numpy/python3-numpy_1.20.1.bb
+++ b/meta/recipes-devtools/python-numpy/python3-numpy_1.20.1.bb
@@ -10,6 +10,7 @@ SRCNAME = "numpy"
 SRC_URI = "https://github.com/${SRCNAME}/${SRCNAME}/releases/download/v${PV}/${SRCNAME}-${PV}.tar.gz \
            file://0001-Don-t-search-usr-and-so-on-for-libraries-by-default-.patch \
            file://0001-numpy-core-Define-RISCV-32-support.patch \
+           file://CVE-2021-41496.patch \
            file://run-ptest \
 "
 SRC_URI[sha256sum] = "9bf51d69ebb4ca9239e55bedc2185fe2c0ec222da0adee7ece4125414676846d"