berkus/ANE - ANE

Commit Graph

Author	SHA1	Message	Date
manni07	7c67e78306	fix: address MED security findings (MED-01 to MED-06) - MED-01: IOSurfaceLock() return checked in all 6 I/O functions; early return on failure prevents data race (stories_io.h, ane_runtime.h) - MED-02: Per-process/per-call unique temp dirs via getpid()+g_compile_seq (stories_io.h, ane_runtime.h) - MED-03: mil_dims_valid() guard in all 7 MIL-gen functions; nil return on invalid params (ane_mil_gen.h) - MED-04: CkptHdr.pad[0]=0x01020304 byte-order sentinel; runtime check in load_checkpoint; _Static_assert for compile-time LE guarantee (train_large.m) - MED-05: _Static_assert(SEQ%8==0) + ARM64 alignment rationale comment (stories_io.h) - MED-06: dispatch_once replaces manual g_ane_loaded/g_ane_init_done guards; thread-safe one-time ANE init (ane_runtime.h, stories_config.h) ref: docs/reports/security-audit-2026-03-02.md Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-02 22:45:19 +01:00
manni07	aa5a6ddd86	fix: address CRIT security findings (CRIT-01 to CRIT-04) - CRIT-01: dlopen() return check + NSClassFromString validation in ane_init() (ane_runtime.h + stories_config.h); g_ane_ok / g_ane_ok_large flag only set when all private classes load successfully; stories_config.h gets re-entry guard (g_ane_init_done) that was previously missing - CRIT-02: g_ane_ok guard in ane_compile() and compile_kern_mil_w(); NULL check for inMemoryModel after inMemoryModelWithDescriptor: — prevents crash when API call returns nil (ane_runtime.h, stories_io.h) - CRIT-03: Validate fread() return for critical config/header reads to prevent garbage malloc() sizes; fopen() NULL check in save_checkpoint(); design decision documented (model.h, train_large.m) - CRIT-04: int -> size_t in build_blob*/build_blob_t/build_blob_fp16; calloc() NULL checks added; (size_t) cast in malloc() size calculations to prevent signed integer overflow UB (stories_io.h, model.h) Simulation: 3 iterations, overall score 96.15% (all criteria >= 95%) ref: docs/reports/security-audit-2026-03-02.md	2026-03-02 22:38:12 +01:00
maderix	f213c8db68	Initial release	2026-02-28 00:22:06 -08:00

Author

SHA1

Message

Date

manni07

7c67e78306

fix: address MED security findings (MED-01 to MED-06)

- MED-01: IOSurfaceLock() return checked in all 6 I/O functions; early return
          on failure prevents data race (stories_io.h, ane_runtime.h)
- MED-02: Per-process/per-call unique temp dirs via getpid()+g_compile_seq
          (stories_io.h, ane_runtime.h)
- MED-03: mil_dims_valid() guard in all 7 MIL-gen functions; nil return on
          invalid params (ane_mil_gen.h)
- MED-04: CkptHdr.pad[0]=0x01020304 byte-order sentinel; runtime check in
          load_checkpoint; _Static_assert for compile-time LE guarantee (train_large.m)
- MED-05: _Static_assert(SEQ%8==0) + ARM64 alignment rationale comment (stories_io.h)
- MED-06: dispatch_once replaces manual g_ane_loaded/g_ane_init_done guards;
          thread-safe one-time ANE init (ane_runtime.h, stories_config.h)

ref: docs/reports/security-audit-2026-03-02.md

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-03-02 22:45:19 +01:00

manni07

aa5a6ddd86

fix: address CRIT security findings (CRIT-01 to CRIT-04)

- CRIT-01: dlopen() return check + NSClassFromString validation in ane_init()
           (ane_runtime.h + stories_config.h); g_ane_ok / g_ane_ok_large flag
           only set when all private classes load successfully; stories_config.h
           gets re-entry guard (g_ane_init_done) that was previously missing
- CRIT-02: g_ane_ok guard in ane_compile() and compile_kern_mil_w(); NULL check
           for inMemoryModel after inMemoryModelWithDescriptor: — prevents crash
           when API call returns nil (ane_runtime.h, stories_io.h)
- CRIT-03: Validate fread() return for critical config/header reads to prevent
           garbage malloc() sizes; fopen() NULL check in save_checkpoint();
           design decision documented (model.h, train_large.m)
- CRIT-04: int -> size_t in build_blob*/build_blob_t/build_blob_fp16; calloc()
           NULL checks added; (size_t) cast in malloc() size calculations to
           prevent signed integer overflow UB (stories_io.h, model.h)

Simulation: 3 iterations, overall score 96.15% (all criteria >= 95%)
ref: docs/reports/security-audit-2026-03-02.md

2026-03-02 22:38:12 +01:00

maderix

f213c8db68

Initial release

2026-02-28 00:22:06 -08:00

3 Commits