Details
-
Bug
-
Status: Closed
-
Major
-
Resolution: Duplicate
-
9.0
-
None
-
None
-
Steps to reproduce
- Use a Linux machine.
- Build commit ea2c8ba of Solr as described in the section below.
- Build the films collection as described below.
- Start the server using the command ./bin/solr start -f -p 8983 -s /tmp/home
- Request the URL given in the bug description.
Compiling the server
git clone https://github.com/apache/lucene-solr cd lucene-solr git checkout ea2c8ba ant compile cd solr ant server
Building the collection
We followed Exercise 2 from the Solr Tutorial. The attached file (home.zip) gives the contents of folder /tmp/home that you will obtain by following the steps below:
mkdir -p /tmp/home echo '<?xml version="1.0" encoding="UTF-8" ?><solr></solr>' > /tmp/home/solr.xml
In one terminal start a Solr instance in foreground:
./bin/solr start -f -p 8983 -s /tmp/home
In another terminal, create a collection of movies, with no shards and no replication, and initialize it:
bin/solr create -c films curl -X POST -H 'Content-type:application/json' --data-binary '{"add-field": {"name":"name", "type":"text_general", "multiValued":false, "stored":true}}' http://localhost:8983/solr/films/schema curl -X POST -H 'Content-type:application/json' --data-binary '{"add-copy-field" : {"source":"*","dest":"_text_"}}' http://localhost:8983/solr/films/schema ./bin/post -c films example/films/films.jsonSteps to reproduce Use a Linux machine. Build commit ea2c8ba of Solr as described in the section below. Build the films collection as described below. Start the server using the command ./bin/solr start -f -p 8983 -s /tmp/home Request the URL given in the bug description. Compiling the server git clone https://github.com/apache/lucene-solr cd lucene-solr git checkout ea2c8ba ant compile cd solr ant server Building the collection We followed Exercise 2 from the Solr Tutorial . The attached file ( home.zip ) gives the contents of folder /tmp/home that you will obtain by following the steps below: mkdir -p /tmp/home echo '<?xml version="1.0" encoding="UTF-8" ?><solr></solr>' > /tmp/home/solr.xml In one terminal start a Solr instance in foreground: ./bin/solr start -f -p 8983 -s /tmp/home In another terminal, create a collection of movies, with no shards and no replication, and initialize it: bin/solr create -c films curl -X POST -H 'Content-type:application/json' --data-binary '{"add-field": {"name":"name", "type":"text_general", "multiValued":false, "stored":true}}' http://localhost:8983/solr/films/schema curl -X POST -H 'Content-type:application/json' --data-binary '{"add-copy-field" : {"source":"*","dest":"_text_"}}' http://localhost:8983/solr/films/schema ./bin/post -c films example/films/films.json
Description
Requesting the following URL causes Solr to return an HTTP 500 error response:
http://localhost:8983/solr/films/select?defType=xxx
The error response seems to be caused by the following uncaught exception:
java.lang.NullPointerException at org.apache.solr.search.QParser.getParser(QParser.java:367) at org.apache.solr.search.QParser.getParser(QParser.java:319) at org.apache.solr.handler.component.QueryComponent.prepare(QueryComponent.java:157) at org.apache.solr.handler.component.SearchHandler.handleRequestBody(SearchHandler.java:272) at org.apache.solr.handler.RequestHandlerBase.handleRequest(RequestHandlerBase.java:199) at org.apache.solr.core.SolrCore.execute(SolrCore.java:2559) [...]
The problem seems to be related to the input validation of parameter defType. Method org.apache.solr.search.QParser.getParser() retrieves a QParserPlugin at line 366, but the parserName is xxx and the returned plugin is null. Immediately after (line 367) this plugin is used, thus triggering the NPE. The null pointer should probably be checked before it's used.
I think this is the example bug we described in the video attached to this blog post. We found this bug and 70 more like this using Diffblue Microservices Testing. Check the blog post to learn more about this fuzz testing campaign we are running.
Attachments
Attachments
Issue Links
- duplicates
-
-
- Closed
-