Mirror
/
seaweedfs
mirror of https://github.com/seaweedfs/seaweedfs.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

fix: prevent makeslice panic in ReadNeedleMeta with corrupted needle (#7675) 

* fix: prevent makeslice panic in ReadNeedleMeta with corrupted needle

When a needle's DataSize in the .dat file is corrupted to a very large
value, the calculation of metaSize can become negative, causing a panic
with 'makeslice: len out of range' when creating the metadata slice.

This fix adds validation to check if metaSize is negative before
creating the slice, returning a descriptive error instead of panicking.

Fixes #7475

* Update weed/storage/needle/needle_read_page.go

Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>

---------

Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
pull/7685/head
Chris Lu 2 days ago
committed by GitHub
parent
9196696278
commit
cea12ba3c4
No known key found for this signature in database GPG Key ID: B5690EEEBB952194
1 changed files with 3 additions and 0 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 3
      weed/storage/needle/needle_read_page.go

3
weed/storage/needle/needle_read_page.go
View File

@ -64,6 +64,9 @@ func (n *Needle) ReadNeedleMeta(r backend.BackendStorageFile, offset int64, size
dataSize := GetActualSize(size, version)
stopOffset := offset + dataSize
metaSize := stopOffset - startOffset
if metaSize < 0 || metaSize > 128*1024 {
return fmt.Errorf("invalid needle meta size %d: DataSize=%d, size=%d, offset=%d", metaSize, n.DataSize, size, offset)
}
metaSlice := make([]byte, int(metaSize))
count, err = r.ReadAt(metaSlice, startOffset)

Write Preview
Loading…
Cancel
Save