- C-3 (`runtime/gradient_runtime.c`): Guard `malloc(size+1)` in `__gradient_file_read` against `ftell()` returning −1 on non-seekable files (pipes, `/proc/*`). Falls back to an incremental buffered read instead of passing a wrapped `size_t` value to `malloc`.
- C-5 (`runtime/gradient_runtime.c`): Harden `__gradient_http_get` and `http_post_impl` against protocol-downgrade and SSRF attacks: `CURLOPT_PROTOCOLS_STR="https"`, `CURLOPT_REDIR_PROTOCOLS_STR="https"`, `CURLOPT_MAXREDIRS=5`, `CURLOPT_SSL_VERIFYPEER=1`, `CURLOPT_SSL_VERIFYHOST=2`.
- H-3 (`runtime/gradient_runtime.c`): Introduce `safe_realloc(ptr, size)`, a wrapper that `free()`s the original pointer and calls `abort()` on a `NULL` return. Replaced all seven raw `realloc` call sites (map growth, curl receive buffer, JSON string/array buffers, `json_buf_append`, `stringbuilder_grow`).
- H-4 (`runtime/gradient_runtime.c`): Add a `depth` counter to `JsonParser` and a `MAX_JSON_DEPTH = 128` guard in `json_parse_array` and `json_parse_object`. Deeply nested inputs (depth-bomb payloads) now return a parse error instead of consuming unbounded stack.
- M-2 (`scripts/install.sh`): Add `--locked` to the `cargo build` invocation so installs are reproducible and cannot silently resolve different dependency versions than those in `Cargo.lock`.
- L-4 (`build-system/src/commands/build.rs`): Replace the fixed `/tmp/gradient_stdin_output.o` path with `tempfile::NamedTempFile` so concurrent invocations and unprivileged users cannot race or predict the output path.
- L-7 (`compiler/src/codegen/cranelift.rs`): Enable Cranelift's built-in IR verifier (`enable_verifier = true`) in debug builds (`#[cfg(debug_assertions)]`) to catch malformed IR early during development.
- WASM gate: Renamed feature `wasm` → `wasm-unstable` in `Cargo.toml` and all `#[cfg]` sites. The WASM backend is gated until C-1 (allocator OOB) and C-2 (unconstrained WASI imports) are resolved. See `docs/WASM.md`.