Skip to content

Commit

Permalink
storage/needle: add bounds check for WriteNeedleBlob buffer (#7973)
Browse files Browse the repository at this point in the history 
* storage/needle: add bounds check for WriteNeedleBlob buffer

* storage/needle: use int offsets when checking/writing Version3 timestamp

* Apply suggestion from @gemini-code-assist[bot]

Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>

---------

Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
  • Loading branch information
2 people authored and GitHub committed Jan 6, 2026
1 parent d2f0d6c commit ec1c27a
Showing 1 changed file with 11 additions and 1 deletion.
12 changes: 11 additions & 1 deletion weed/storage/needle/needle_write.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -62,7 +62,17 @@ func WriteNeedleBlob(w backend.BackendStorageFile, dataSlice []byte, size Size,
}

if version == Version3 {
tsOffset := NeedleHeaderSize + size + NeedleChecksumSize
// compute byte offset as int to compare and slice correctly
tsOffset := int(NeedleHeaderSize) + int(size) + NeedleChecksumSize
// Ensure dataSlice has enough capacity for the timestamp
if tsOffset < 0 {
err = fmt.Errorf("invalid needle size %d results in negative timestamp offset %d", size, tsOffset)
return
}
if tsOffset+TimestampSize > len(dataSlice) {
err = fmt.Errorf("needle blob buffer too small: need %d bytes, have %d", tsOffset+TimestampSize, len(dataSlice))
return
}
util.Uint64toBytes(dataSlice[tsOffset:tsOffset+TimestampSize], appendAtNs)
}

Expand Down

0 comments on commit ec1c27a

Please sign in to comment.