[SOLR-13200] Parsing of invalid query yields NPE - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Minor
Resolution: Duplicate
Affects Version/s: 9.0
Fix Version/s: 8.1, 9.0
Component/s: search
Labels:
- diffblue
- newdev
Environment:
Hide

Steps to reproduce

Use a Linux machine.

Build commit ea2c8ba of Solr as described in the section below.

Build the films collection as described below.

Start the server using the command {
Unknown macro: {./bin/solr start -f -p 8983 -s /tmp/home}

}

Request the URL given in the bug description.

Compiling the server

git clone https://github.com/apache/lucene-solr cd lucene-solr git checkout ea2c8ba ant compile cd solr ant server

Building the collection

We followed Exercise 2 from the Solr Tutorial. The attached file (home.zip) gives the contents of folder /tmp/home that you will obtain by following the steps below:

mkdir -p /tmp/home echo '<?xml version="1.0" encoding="UTF-8" ?><solr></solr>' > /tmp/home/solr.xml

In one terminal start a Solr instance in foreground:

./bin/solr start -f -p 8983 -s /tmp/home

In another terminal, create a collection of movies, with no shards and no replication, and initialize it:

bin/solr create -c films curl -X POST -H 'Content-type:application/json' --data-binary '\{"add-field": {"name":"name", "type":"text_general", "multiValued":false, "stored":true}}' http://localhost:8983/solr/films/schema curl -X POST -H 'Content-type:application/json' --data-binary '\{"add-copy-field" : {"source":"*","dest":"_text_"}}' http://localhost:8983/solr/films/schema ./bin/post -c films example/films/films.json
Show
Steps to reproduce Use a Linux machine. Build commit ea2c8ba of Solr as described in the section below. Build the films collection as described below. Start the server using the command { Unknown macro: {./bin/solr start -f -p 8983 -s /tmp/home} } Request the URL given in the bug description. Compiling the server git clone https://github.com/apache/lucene-solr cd lucene-solr git checkout ea2c8ba ant compile cd solr ant server Building the collection We followed Exercise 2 from the Solr Tutorial . The attached file ( home.zip ) gives the contents of folder /tmp/home that you will obtain by following the steps below: mkdir -p /tmp/home echo '<?xml version="1.0" encoding="UTF-8" ?><solr></solr>' > /tmp/home/solr.xml In one terminal start a Solr instance in foreground: ./bin/solr start -f -p 8983 -s /tmp/home In another terminal, create a collection of movies, with no shards and no replication, and initialize it: bin/solr create -c films curl -X POST -H 'Content-type:application/json' --data-binary '\{"add-field": {"name":"name", "type":"text_general", "multiValued":false, "stored":true}}' http://localhost:8983/solr/films/schema curl -X POST -H 'Content-type:application/json' --data-binary '\{"add-copy-field" : {"source":"*","dest":"_text_"}}' http://localhost:8983/solr/films/schema ./bin/post -c films example/films/films.json

Description

Requesting the following URL causes Solr to return an HTTP 500 error response:

http://localhost:8983/solr/films/select?fq={!frange%20l=1%20u=1}map(1)

The error response seems to be caused by the following uncaught exception:

java.lang.NullPointerException
at sun.misc.FloatingDecimal.readJavaFormatString(FloatingDecimal.java:1838)
at sun.misc.FloatingDecimal.parseFloat(FloatingDecimal.java:122)
at java.lang.Float.parseFloat(Float.java:451)
at org.apache.solr.search.FunctionQParser.parseFloat(FunctionQParser.java:145)
at org.apache.solr.search.ValueSourceParser$13.parse(ValueSourceParser.java:242)
at org.apache.solr.search.FunctionQParser.parseValueSource(FunctionQParser.java:370)
at org.apache.solr.search.FunctionQParser.parse(FunctionQParser.java:82)
at org.apache.solr.search.QParser.getQuery(QParser.java:173)
at org.apache.solr.search.FunctionRangeQParserPlugin$1.parse(FunctionRangeQParserPlugin.java:51)
at org.apache.solr.search.QParser.getQuery(QParser.java:173)
at org.apache.solr.handler.component.QueryComponent.prepare(QueryComponent.java:205)

The FunctionQParser.parseFloat function reads as follows:

    String str = parseArg();
    if (argWasQuoted()) throw new SyntaxError("Expected float instead of quoted string:" + str);
    float value = Float.parseFloat(str);
    return value;

But parseArg() is permitted to return null (this is the case when there are no more function arguments), which crashes Float.parseFloat. It may be worth handling the null case explicitly.

We found this bug using Diffblue Microservices Testing. Find more information on this fuzz testing campaign, where we found ~70 more issues like this one.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

home.zip
31/Jan/19 12:04
376 kB
Johannes Kloos

Issue Links

duplicates

SOLR-11883 NPE on missing nested query in QueryValueSource

Closed

Activity

People

Assignee:: Unassigned

Reporter:: Johannes Kloos

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 31/Jan/19 12:04

Updated:: 12/May/22 00:26

Resolved:: 01/Mar/19 18:34

Details

Steps to reproduce

Compiling the server

Building the collection

Description

Attachments

Attachments

Issue Links

Activity

People

Dates