gsh-digital-services/seaweedFS
5
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

storage/needle: add bounds check for WriteNeedleBlob buffer (#7973)

Browse Source 
* storage/needle: add bounds check for WriteNeedleBlob buffer

* storage/needle: use int offsets when checking/writing Version3 timestamp

* Apply suggestion from @gemini-code-assist[bot]

Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>

---------

Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
This commit is contained in:
Chris Lu
2026-01-05 19:21:57 -08:00
committed by GitHub
parent d2f0d6c03b
commit ec1c27a4b3
1 changed files with 11 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
weed/storage/needle/needle_write.go
View File

@@ -62,7 +62,17 @@ func WriteNeedleBlob(w backend.BackendStorageFile, dataSlice []byte, size Size,
} }
if version == Version3 { if version == Version3 {
tsOffset := NeedleHeaderSize + size + NeedleChecksumSize // compute byte offset as int to compare and slice correctly
tsOffset := int(NeedleHeaderSize) + int(size) + NeedleChecksumSize
// Ensure dataSlice has enough capacity for the timestamp
if tsOffset < 0 {
err = fmt.Errorf("invalid needle size %d results in negative timestamp offset %d", size, tsOffset)
return
}
if tsOffset+TimestampSize > len(dataSlice) {
err = fmt.Errorf("needle blob buffer too small: need %d bytes, have %d", tsOffset+TimestampSize, len(dataSlice))
return
}
util.Uint64toBytes(dataSlice[tsOffset:tsOffset+TimestampSize], appendAtNs) util.Uint64toBytes(dataSlice[tsOffset:tsOffset+TimestampSize], appendAtNs)
} }