From 83f089f54715ea4d3d649cb6eade3ddfd548f9fa Mon Sep 17 00:00:00 2001
From: Iryna Shcherbina <ishcherb@redhat.com>
Date: Wed, 13 Sep 2017 11:31:56 +0200
Subject: [PATCH] Security fix for CVE-2017-12852
---
numpy/lib/arraypad.py | 8 ++++++++
numpy/lib/tests/test_arraypad.py | 11 +++++++++++
2 files changed, 19 insertions(+)
diff --git a/numpy/lib/arraypad.py b/numpy/lib/arraypad.py
index f70297f..183fd2e 100644
--- a/numpy/lib/arraypad.py
+++ b/numpy/lib/arraypad.py
@@ -1433,6 +1433,14 @@ def pad(array, pad_width, mode=None, **kwargs):
elif mode == 'reflect':
for axis, (pad_before, pad_after) in enumerate(pad_width):
+ if narray.shape[axis] == 0:
+ # Axes with non-zero padding cannot be empty.
+ if pad_before > 0 or pad_after > 0:
+ raise ValueError("There aren't any elements to reflect"
+ " in axis {} of `array`".format(axis))
+ # Skip zero padding on empty axes.
+ continue
+
# Recursive padding along any axis where `pad_amt` is too large
# for indexing tricks. We can only safely pad the original axis
# length, to keep the period of the reflections consistent.
diff --git a/numpy/lib/tests/test_arraypad.py b/numpy/lib/tests/test_arraypad.py
index 11d2c70..730befe 100644
--- a/numpy/lib/tests/test_arraypad.py
+++ b/numpy/lib/tests/test_arraypad.py
@@ -627,6 +627,11 @@ class TestReflect(TestCase):
b = np.array([1, 2, 3, 2, 1, 2, 3, 2, 1, 2, 3])
assert_array_equal(a, b)
+ def test_check_padding_an_empty_array(self):
+ a = pad(np.zeros((0, 3)), ((0,), (1,)), mode='reflect')
+ b = np.zeros((0, 5))
+ assert_array_equal(a, b)
+
class TestSymmetric(TestCase):
def test_check_simple(self):
@@ -975,6 +980,12 @@ class ValueError1(TestCase):
assert_raises(ValueError, pad, arr, ((-2, 3), (3, 2)),
**kwargs)
+ def test_check_empty_array(self):
+ assert_raises(ValueError, pad, [], 4, mode='reflect')
+ assert_raises(ValueError, pad, np.ndarray(0), 4, mode='reflect')
+ assert_raises(ValueError, pad, np.zeros((0, 3)), ((1,), (0,)),
+ mode='reflect')
+
class ValueError2(TestCase):
def test_check_negative_pad_amount(self):
--
2.13.5