From 6353919d051100692c06d5a55fe162874ed6bcad Mon Sep 17 00:00:00 2001
From: Kousuke Saruta <sarutak@amazon.co.jp>
Date: Wed, 10 Dec 2025 13:50:29 +0900
Subject: [PATCH] Check offset and length

---
 .../main/java/org/apache/spark/unsafe/types/UTF8String.java  | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/common/unsafe/src/main/java/org/apache/spark/unsafe/types/UTF8String.java b/common/unsafe/src/main/java/org/apache/spark/unsafe/types/UTF8String.java
index 1d96f8126e23..b9a34e9c8577 100644
--- a/common/unsafe/src/main/java/org/apache/spark/unsafe/types/UTF8String.java
+++ b/common/unsafe/src/main/java/org/apache/spark/unsafe/types/UTF8String.java
@@ -717,9 +717,10 @@ public UTF8String reverse() {
 
     int i = 0; // position in byte
     while (i < numBytes) {
-      int len = numBytesForFirstByte(getByte(i));
+      int len = Math.min(numBytesForFirstByte(getByte(i)), numBytes);
+      int targetOffset = Math.max(result.length - i - len, 0);
       copyMemory(this.base, this.offset + i, result,
-        BYTE_ARRAY_OFFSET + result.length - i - len, len);
+        BYTE_ARRAY_OFFSET + targetOffset, len);
 
       i += len;
     }