mirror of https://github.com/maderix/ANE.git
- CRIT-01: dlopen() return check + NSClassFromString validation in ane_init()
(ane_runtime.h + stories_config.h); g_ane_ok / g_ane_ok_large flag
only set when all private classes load successfully; stories_config.h
gets re-entry guard (g_ane_init_done) that was previously missing
- CRIT-02: g_ane_ok guard in ane_compile() and compile_kern_mil_w(); NULL check
for inMemoryModel after inMemoryModelWithDescriptor: — prevents crash
when API call returns nil (ane_runtime.h, stories_io.h)
- CRIT-03: Validate fread() return for critical config/header reads to prevent
garbage malloc() sizes; fopen() NULL check in save_checkpoint();
design decision documented (model.h, train_large.m)
- CRIT-04: int -> size_t in build_blob*/build_blob_t/build_blob_fp16; calloc()
NULL checks added; (size_t) cast in malloc() size calculations to
prevent signed integer overflow UB (stories_io.h, model.h)

Simulation: 3 iterations, overall score 96.15% (all criteria >= 95%)

ref: docs/reports/security-audit-2026-03-02.md

| | | |
|---|---|---|
| .. | | |
| security-audit-2026-03-02.md | | |