From ec1c27a4b3857227ac86f8919772f10cf87c2244 Mon Sep 17 00:00:00 2001
From: Chris Lu
Date: Mon, 5 Jan 2026 19:21:57 -0800
Subject: [PATCH] storage/needle: add bounds check for WriteNeedleBlob buffer (#7973)
* storage/needle: add bounds check for WriteNeedleBlob buffer
* storage/needle: use int offsets when checking/writing Version3 timestamp
* Apply suggestion from @gemini-code-assist[bot]
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
---------
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
---
 weed/storage/needle/needle_write.go | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/weed/storage/needle/needle_write.go b/weed/storage/needle/needle_write.go
index dd8296b7a..009bf393e 100644
--- a/weed/storage/needle/needle_write.go
+++ b/weed/storage/needle/needle_write.go
@@ -62,7 +62,17 @@ func WriteNeedleBlob(w backend.BackendStorageFile, dataSlice []byte, size Size,
 }
 if version == Version3 {
- tsOffset := NeedleHeaderSize + size + NeedleChecksumSize
+ // compute byte offset as int to compare and slice correctly
+ tsOffset := int(NeedleHeaderSize) + int(size) + NeedleChecksumSize
+ // Ensure dataSlice has enough capacity for the timestamp
+ if tsOffset < 0 {
+ err = fmt.Errorf("invalid needle size %d results in negative timestamp offset %d", size, tsOffset)
+ return
+ }
+ if tsOffset+TimestampSize > len(dataSlice) {
+ err = fmt.Errorf("needle blob buffer too small: need %d bytes, have %d", tsOffset+TimestampSize, len(dataSlice))
+ return
+ }
 util.Uint64toBytes(dataSlice[tsOffset:tsOffset+TimestampSize], appendAtNs)
 }
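Review bot: The `tsOffset < 0` guard only rejects a `size` negative enough to push the whole sum below zero; a small negative `size` (assuming `Size` is a signed type, as the check implies) still yields a non-negative `tsOffset`, so the timestamp would be written over earlier bytes of the blob instead of after the checksum. Validating the input directly before computing the offset, `if size < 0 { err = fmt.Errorf("invalid needle size %d", size); return }`, closes that gap. The upper-bound comparison is also safer written as `if tsOffset > len(dataSlice)-TimestampSize {`, which cannot wrap on platforms where `int` is 32 bits. WriteNeedleBlob starts before and continues after this hunk, so whether callers already reject negative sizes is not visible here.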