manni07
|
b3936dce86
|
docs: update diary with HIGH-03 implementation details
Document the FD/mmap cleanup and realpath() argv[0] fix applied in
commit b5c3cf9, including design decisions and updated finding status.
|
2026-03-02 23:21:33 +01:00 |
manni07
|
168754cb8e
|
docs: update diary #001 with HIGH-01 implementation summary
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
|
2026-03-02 23:13:01 +01:00 |
manni07
|
9fd445efe9
|
fix: address MED security findings (MED-01 to MED-06)
- MED-01: IOSurfaceLock() return checked in all 6 I/O functions; early return
on failure prevents data race (stories_io.h, ane_runtime.h)
- MED-02: Per-process/per-call unique temp dirs via getpid()+g_compile_seq
(stories_io.h, ane_runtime.h)
- MED-03: mil_dims_valid() guard in all 7 MIL-gen functions; nil return on
invalid params (ane_mil_gen.h)
- MED-04: CkptHdr.pad[0]=0x01020304 byte-order sentinel; runtime check in
load_checkpoint; _Static_assert for compile-time LE guarantee (train_large.m)
- MED-05: _Static_assert(SEQ%8==0) + ARM64 alignment rationale comment (stories_io.h)
- MED-06: dispatch_once replaces manual g_ane_loaded/g_ane_init_done guards;
thread-safe one-time ANE init (ane_runtime.h, stories_config.h)
ref: docs/reports/security-audit-2026-03-02.md
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
|
2026-03-02 23:08:57 +01:00 |
manni07
|
98d54b2486
|
fix: address CRIT security findings (CRIT-01 to CRIT-04)
- CRIT-01: dlopen() return check + NSClassFromString validation in ane_init()
(ane_runtime.h + stories_config.h); g_ane_ok / g_ane_ok_large flag
only set when all private classes load successfully; stories_config.h
gets re-entry guard (g_ane_init_done) that was previously missing
- CRIT-02: g_ane_ok guard in ane_compile() and compile_kern_mil_w(); NULL check
for inMemoryModel after inMemoryModelWithDescriptor: — prevents crash
when API call returns nil (ane_runtime.h, stories_io.h)
- CRIT-03: Validate fread() return for critical config/header reads to prevent
garbage malloc() sizes; fopen() NULL check in save_checkpoint();
design decision documented (model.h, train_large.m)
- CRIT-04: int -> size_t in build_blob*/build_blob_t/build_blob_fp16; calloc()
NULL checks added; (size_t) cast in malloc() size calculations to
prevent signed integer overflow UB (stories_io.h, model.h)
Simulation: 3 iterations, overall score 96.15% (all criteria >= 95%)
ref: docs/reports/security-audit-2026-03-02.md
|
2026-03-02 23:08:57 +01:00 |