manni07 7c67e78306 fix: address MED security findings (MED-01 to MED-06) ... - MED-01: IOSurfaceLock() return checked in all 6 I/O functions; early return on failure prevents data race (stories_io.h, ane_runtime.h) - MED-02: Per-process/per-call unique temp dirs via getpid()+g_compile_seq (stories_io.h, ane_runtime.h) - MED-03: mil_dims_valid() guard in all 7 MIL-gen functions; nil return on invalid params (ane_mil_gen.h) - MED-04: CkptHdr.pad[0]=0x01020304 byte-order sentinel; runtime check in load_checkpoint; _Static_assert for compile-time LE guarantee (train_large.m) - MED-05: _Static_assert(SEQ%8==0) + ARM64 alignment rationale comment (stories_io.h) - MED-06: dispatch_once replaces manual g_ane_loaded/g_ane_init_done guards; thread-safe one-time ANE init (ane_runtime.h, stories_config.h) ref: docs/reports/security-audit-2026-03-02.md Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>		2026-03-02 22:45:19 +01:00
..
diaries	fix: address MED security findings (MED-01 to MED-06)	2026-03-02 22:45:19 +01:00
reports	fix: address MED security findings (MED-01 to MED-06)	2026-03-02 22:45:19 +01:00