lucene-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Robert Muir (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (LUCENE-8164) IndexWriter silently accepts broken payload
Date Thu, 08 Feb 2018 01:28:00 GMT

    [ https://issues.apache.org/jira/browse/LUCENE-8164?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16356341#comment-16356341
] 

Robert Muir commented on LUCENE-8164:
-------------------------------------

And the bug in PayloadAttributeImpl.copyTo boils down to the use of the horrible Arrays.copyOfRange
method in BytesRef.deepCopyOf:

{noformat}
The final index of the range (to), which must be greater than or equal to from, may be greater
than original.length, in which case (byte)0 is placed in all elements of the copy whose index
is greater than or equal to original.length - from. 
{noformat}

We can't use such methods, or we never know we wrote the correct stuff. it needs to be banned
with forbidden APIs.

> IndexWriter silently accepts broken payload
> -------------------------------------------
>
>                 Key: LUCENE-8164
>                 URL: https://issues.apache.org/jira/browse/LUCENE-8164
>             Project: Lucene - Core
>          Issue Type: Bug
>            Reporter: Robert Muir
>            Priority: Major
>         Attachments: LUCENE-8164_test.patch
>
>
> IndexWriter seems to be missing bounds checks for payloads completely.
> If you pass a "broken" payload (e.g. BytesRef's offset + length is out of bounds), it
will silently index it as if nothing went wrong. What actually happens? Doesn't matter, we
should be getting an exception.
>  
>  



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org


Mime
View raw message