Skip to content

fix: critical stability, security, and build improvements#29

Open
trbielec wants to merge 4 commits intosupabase:masterfrom
trbielec:fix/production-readiness
Open

fix: critical stability, security, and build improvements#29
trbielec wants to merge 4 commits intosupabase:masterfrom
trbielec:fix/production-readiness

Conversation

@trbielec
Copy link
Copy Markdown

@trbielec trbielec commented Nov 23, 2025

Overview

This Pull Request addresses fundamental stability and security vulnerabilities identified during a production readiness audit. It resolves critical memory safety issues, prevents data corruption during updates, enables deployment on managed platforms, and provides complete installation documentation.

Closes: #20, #26, #27

Changes

1. Core Stability & Security

  • Security (Buffer Overread): Replaced unsafe strlen() calls on JSONB strings (which are not null-terminated) with AMbytes(). This prevents potential information disclosure or segfaults during from_jsonb.
  • Security (DoS): Added check_stack_depth() guard clauses to all recursive functions (_object_walk, _array_walk, _autodoc_traverse) to prevent stack overflow attacks via deeply nested inputs.
  • Data Integrity (Stale Cache): Implemented explicit invalidate_flat_cache() logic in all modification paths. This ensures that sequential UPDATE operations correctly persist the latest state, fixing a bug where stale binary data was written to disk causing data loss.
  • Correctness: Added missing AM_OBJ_TYPE_TEXT handler in autodoc_to_jsonb, resolving silent data loss when exporting lists containing Text objects.

2. Build System & Deployment

  • Performance: Switched compilation flags from -O0 (debug) to -O2 (production), providing significant performance improvements for serialization-heavy workloads.
  • Deployment: Introduced AUTOMERGE_STATIC=1 build flag. This enables static linking of libautomerge.a, allowing the extension to be deployed on managed PostgreSQL platforms (e.g., AWS RDS, Supabase) where system-level shared libraries cannot be installed.

3. Documentation

  • Updated README: Added complete installation instructions for both static and dynamic linking workflows.
  • Examples: Added clear usage examples for basic operations, modification, and merging to address lack of working examples.

4. Verification

  • Regression Suite: Added sql/production_fixes.sql containing tests for stale cache invalidation, buffer safety, text list export, and numeric precision warnings.
  • Memory Safety: Validated with Valgrind (0 leaks found in extension code).
  • Platform: Verified build and test pass on PostgreSQL 18 (Linux/x86_64).

Impact

These changes are mandatory for production deployment. Without them, the extension is vulnerable to denial-of-service attacks and silent data corruption during standard SQL UPDATE workflows. The build updates allow the extension to run on modern managed cloud infrastructure.

@trbielec
fix: Resolve critical memory safety and data integrity issues
d7e1d8f 
- Fix buffer overread in JSONB import (use AMbytes instead of AMstr)
- Fix stack overflow vulnerability by adding check_stack_depth()
- Fix data corruption on updates via explicit cache invalidation
- Fix silent data loss when exporting Text objects in Lists
@trbielec
build: Enable production optimizations and static linking
209bc78 
- Switch from -O0 to -O2 to improve performance
- Add AUTOMERGE_STATIC=1 option for deployment on managed PostgreSQL platforms
@trbielec
test: Add regression suite for stability and integrity fixes
8247565 
Adds comprehensive tests covering:
- Stale cache invalidation (data corruption fix)
- JSONB buffer safety (buffer overread fix)
- Text list export correctness (data loss fix)
- Numeric precision handling
- Commit message type compatibility
@trbielec
docs: Improve README and add build artifacts to .gitignore
070c1dc 
- Add comprehensive installation instructions with static/dynamic linking options
- Document usage examples and API reference
- Add known limitations section
- Update .gitignore to exclude PostgreSQL build artifacts (*.o, *.bc, *.so, results/)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@trbielec