Reuven
|
7e61d76dd5
|
fix(security): Apply 8 critical security fixes and update ADRs
Security fixes applied:
- gemm.metal: Reduce tile sizes to fit M4 Pro 32KB threadgroup limit
- attention.metal: Guard against division by zero in GQA
- parser.rs: Add integer overflow check in GGUF array parsing
- shared.rs: Document race condition prevention for SharedArrayBuffer
- ios_learning.rs: Document safety invariants for unsafe transmute
- norm.metal: Add MAX_HIDDEN_SIZE_FUSED guard for buffer overflow
- kv_cache.rs: Add set_len_unchecked method with safety documentation
- memory_pool.rs: Document double-free prevention in Drop impl
ADR updates:
- Create ADR-007: Security Review & Technical Debt (~52h debt tracked)
- Update ADR-001 through ADR-006 with implementation status and security notes
- Document 13 technical debt items (P0-P3 priority)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
|
2026-01-19 11:21:31 -05:00 |
|
