Uploaded image for project: 'Solr'
  1. Solr
  2. SOLR-13184

NPE due to missing input checking in ValueSourceParser

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Open
    • Minor
    • Resolution: Unresolved
    • 9.0
    • None

    Description

      Requesting the following URL causes Solr to return an HTTP 500 error response:

      http://localhost:8983/solr/films/select?q={!frange%20l=10%20u=100}joindf(genre:comedy,$x)
      

      The error response seems to be caused by the following uncaught exception:

      java.lang.NullPointerException
      at org.apache.lucene.queries.function.valuesource.JoinDocFreqValueSource.hashCode(JoinDocFreqValueSource.java:98)
      at org.apache.solr.search.function.ValueSourceRangeFilter.hashCode(ValueSourceRangeFilter.java:139)
      at org.apache.solr.search.SolrConstantScoreQuery.hashCode(SolrConstantScoreQuery.java:138)
      at org.apache.solr.search.QueryResultKey.<init>(QueryResultKey.java:46)
      at org.apache.solr.search.SolrIndexSearcher.getDocListC(SolrIndexSearcher.java:1328)
      at org.apache.solr.search.SolrIndexSearcher.search(SolrIndexSearcher.java:567)
      at org.apache.solr.handler.component.QueryComponent.doProcessUngroupedSearch(QueryComponent.java:1434)
      at org.apache.solr.handler.component.QueryComponent.process(QueryComponent.java:373)
      
      

      As far as I can tell, this bug comes about as follows: In org.apache.solr.search.ValueSourceParser, in the addParser(“joindf”, …) statement (lines 335-342), we extract the arguments f0 and qf without checking if these arguments could not be parsed. The test case produces a null pointer for the qfield field in the JoinDocFreqValueSource instance. This causes problems in hashcode (as evidenced in this bug), since it expects qfield to be non-null.

      Looking at the usages of qfield, it is generally expected to be non-null, so it seems we are missing input validation in the parser.

      We found this bug using Diffblue Microservices Testing. Find more information on this fuzz testing campaign.

      Attachments

        1. home.zip
          376 kB
          Johannes Kloos

        Issue Links

          Activity

            People

              Unassigned Unassigned
              jkloos Johannes Kloos
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:

                Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 0.5h
                  0.5h