From b5c3cf953d604922b79fa8cf4ef105499511298f Mon Sep 17 00:00:00 2001 From: manni07 Date: Mon, 2 Mar 2026 23:20:59 +0100 Subject: [PATCH] fix(HIGH-03): clean up FD/mmap and resolve argv[0] before exec restart - munmap(token_data) + close(data_fd) before execl() prevents FD/mmap leak across process boundary - realpath(argv[0]) resolves binary path to prevent exec of wrong binary when invoked via relative path ref: docs/reports/security-audit-2026-03-02.md HIGH-03 --- training/train_large.m | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/training/train_large.m b/training/train_large.m index 1f6860f..1ef0840 100644 --- a/training/train_large.m +++ b/training/train_large.m @@ -361,9 +361,14 @@ int main(int argc, char *argv[]) { total_compile_ms+cum_compile, total_train_ms+cum_train, wall+cum_wall, total_steps_done+cum_steps, total_batches+cum_batches, adam_t, lw, la, rms_final, &arms_final, embed, &aembed); - printf("[exec() restart step %d, %d compiles, loss=%.4f]\n", step, g_compile_count, last_loss); + char rp_exec[PATH_MAX]; + if (!realpath(argv[0], rp_exec)) { perror("cannot resolve argv[0]"); return 1; } + printf("[exec() restart step %d, %d compiles, loss=%.4f -> %s]\n", + step, g_compile_count, last_loss, rp_exec); fflush(stdout); - execl(argv[0], argv[0], "--resume", NULL); + munmap(token_data, data_len); // HIGH-03: release mmap before exec + close(data_fd); // HIGH-03: release FD before exec + execl(rp_exec, rp_exec, "--resume", NULL); perror("execl"); return 1; }