From 6294bc2a15fdde19d558078f8ea9c59a3993112b Mon Sep 17 00:00:00 2001
From: Chris Lu <chris.lu@gmail.com>
Date: Tue, 17 Mar 2026 21:41:02 -0700
Subject: [PATCH] Validate SuperBlock extra data size matching Go's Bytes()
 guard

Go checks extraSize > 256*256-2 and calls glog.Fatalf to prevent
corrupt super block headers. Rust was silently truncating via u16 cast,
which would write an incorrect extra_size field.
---
 seaweed-volume/src/storage/super_block.rs | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/seaweed-volume/src/storage/super_block.rs b/seaweed-volume/src/storage/super_block.rs
index 1a3a2140f..033d1a929 100644
--- a/seaweed-volume/src/storage/super_block.rs
+++ b/seaweed-volume/src/storage/super_block.rs
@@ -42,6 +42,12 @@ impl SuperBlock {
         header[4..6].copy_from_slice(&self.compaction_revision.to_be_bytes());
 
         if !self.extra_data.is_empty() {
+            // Go checks extraSize > 256*256-2 and calls glog.Fatalf; guard against u16 overflow.
+            assert!(
+                self.extra_data.len() <= 65534,
+                "super block extra data too large: {} > 65534",
+                self.extra_data.len()
+            );
             let extra_size = self.extra_data.len() as u16;
             header[6..8].copy_from_slice(&extra_size.to_be_bytes());
             header.extend_from_slice(&self.extra_data);