From cea12ba3c4df7b54027aa550043ca347bf3f3be4 Mon Sep 17 00:00:00 2001 From: Chris Lu Date: Mon, 8 Dec 2025 22:26:03 -0800 Subject: [PATCH] fix: prevent makeslice panic in ReadNeedleMeta with corrupted needle (#7675) * fix: prevent makeslice panic in ReadNeedleMeta with corrupted needle When a needle's DataSize in the .dat file is corrupted to a very large value, the calculation of metaSize can become negative, causing a panic with 'makeslice: len out of range' when creating the metadata slice. This fix adds validation to check if metaSize is negative before creating the slice, returning a descriptive error instead of panicking. Fixes #7475 * Update weed/storage/needle/needle_read_page.go Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> --------- Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> --- weed/storage/needle/needle_read_page.go | 3 +++ 1 file changed, 3 insertions(+) diff --git a/weed/storage/needle/needle_read_page.go b/weed/storage/needle/needle_read_page.go index 82142de4a..ab0a69739 100644 --- a/weed/storage/needle/needle_read_page.go +++ b/weed/storage/needle/needle_read_page.go @@ -64,6 +64,9 @@ func (n *Needle) ReadNeedleMeta(r backend.BackendStorageFile, offset int64, size dataSize := GetActualSize(size, version) stopOffset := offset + dataSize metaSize := stopOffset - startOffset + if metaSize < 0 || metaSize > 128*1024 { + return fmt.Errorf("invalid needle meta size %d: DataSize=%d, size=%d, offset=%d", metaSize, n.DataSize, size, offset) + } metaSlice := make([]byte, int(metaSize)) count, err = r.ReadAt(metaSlice, startOffset)