Summary
I’m planning a follow-up hardening pass for the Spine SQL layer. Currently, we build our bulk queries (like the main data push in util.c) using dozens of manual sqlp += sprintf(...) calls.
Work
This approach is fragile for two reasons:
- It relies on manual pointer arithmetic and buffer tracking at every single step, which is a prime candidate for off-by-one errors or silent overflows if a field grows.
- It’s a maintenance headache—every time a field is added to the schema, we have to manually sync several blocks of repetitive sprintf logic.
The Plan:
- Implement a small sql_buffer_t helper that handles bounded snprintf and pointer advancement automatically (eliminating the manual += math).
- Refactor poller_push_data_to_main to use this helper. This will likely shrink util.c by ~100 lines and make the SQL structure much easier to audit and maintain.
The goal is to make the data path 100% 'safe-by-construction' and to make adding fields in the future easier, without the boilerplate noise.
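As an added illustration (not Spine's code, and not the exact helper this issue proposes), here is one shape such a bounded builder can take in C. The type and function names, the row struct and the poller_output column list are assumptions for the example; the only point being demonstrated is that every append goes through one vsnprintf that knows the remaining capacity, so an oversized field makes the build fail instead of writing past the buffer.

```c
#include <stdarg.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical bounded SQL builder (example code, not Spine's actual type). */
typedef struct {
    char  *buf;      /* caller-provided storage */
    size_t cap;      /* capacity in bytes, including the terminating NUL */
    size_t len;      /* bytes written so far, excluding the NUL */
    bool   overflow; /* sticky: set once an append did not fit */
} sql_buffer_t;

static void sql_buffer_init(sql_buffer_t *sb, char *storage, size_t cap) {
    sb->buf = storage; sb->cap = cap; sb->len = 0; sb->overflow = false;
    if (cap) storage[0] = '\0';
}

/* Append printf-style text. On success advances len and returns true.
 * If the text would not fit, restore the previous NUL, mark the buffer as
 * overflowed and return false. Nothing is ever written at or past buf + cap,
 * which is the guarantee the raw "sqlp += sprintf(...)" pattern cannot give. */
static bool sql_buffer_appendf(sql_buffer_t *sb, const char *fmt, ...) {
    if (sb->overflow || sb->cap == 0) return false;
    size_t avail = sb->cap - sb->len;        /* always >= 1 here */
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(sb->buf + sb->len, avail, fmt, ap);
    va_end(ap);
    if (n < 0 || (size_t)n >= avail) {       /* encoding error or truncated */
        sb->buf[sb->len] = '\0';             /* drop the partial write */
        sb->overflow = true;
        return false;
    }
    sb->len += (size_t)n;
    return true;
}

/* Constructed stand-in for one poller result row (assumed layout). The string
 * fields are assumed to be already SQL-escaped: bounding the buffer does not
 * replace escaping, which stays a separate step before the append. */
typedef struct {
    int         local_data_id;
    const char *rrd_name;
    const char *output;
} row_t;

/* Build a multi-row INSERT. Returns false if the statement did not fit in cap
 * bytes; the caller must then not send the (truncated) text. */
static bool build_insert(char *out, size_t cap, const row_t *rows, size_t n) {
    sql_buffer_t sb;
    sql_buffer_init(&sb, out, cap);
    bool ok = sql_buffer_appendf(&sb,
        "INSERT INTO poller_output (local_data_id, rrd_name, output) VALUES ");
    for (size_t i = 0; ok && i < n; i++) {
        ok = sql_buffer_appendf(&sb, "%s(%d,'%s','%s')", i ? "," : "",
                                rows[i].local_data_id, rows[i].rrd_name,
                                rows[i].output);
    }
    return ok;
}

/* Constructed sample rows for a stand-alone run. */
static const row_t sample_rows[] = {
    { 7, "traffic_in",  "12345" },
    { 7, "traffic_out", "67890" },
};

int main(void) {
    char big[256];
    if (build_insert(big, sizeof big, sample_rows, 2))
        puts(big);

    char small[100];   /* prefix and first row fit, second row does not */
    if (!build_insert(small, sizeof small, sample_rows, 2))
        printf("did not fit in %zu bytes, nothing sent; kept \"%s\"\n",
               sizeof small, small);
    return 0;
}
```

Two checks worth keeping in the real refactor: the return value of the whole build must be tested before the statement is handed to the DB layer (a truncated INSERT is a correctness bug even when it is no longer a memory-safety bug), and the overflow flag is sticky on purpose so a failed append in the middle of a row cannot be silently followed by a successful append of the next row.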
Acceptance Criteria