lucene-solr-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Shawn Heisey <s...@elyograg.org>
Subject Solr 3.5: java.lang.NegativeArraySizeException caused by negative start value
Date Fri, 21 Dec 2012 07:53:21 GMT
This is on Solr 3.5.0.

We are getting a java.lang.NegativeArraySizeException when our webapp 
sends a query where the start parameter is set to a negative value. 
This seems to set off a denial of service problem within Solr.  I don't 
yet know whether it's a mistake in coding, or whether some malicious 
user has found an attack vector on our site.

After the first exception, another exception 
(org.mortbay.jetty.EofException) appears in the logs with increasing 
frequency.  Within minutes of the first exception, the load balancer 
complains about having no servers available because ping requests are 
failing.

This is distributed search, but the shards parameter is in 
solrconfig.xml, not provided by the client.

Full exception:

Dec 20, 2012 7:41:34 PM org.apache.solr.common.SolrException log
SEVERE: java.lang.NegativeArraySizeException
         at 
org.apache.lucene.util.PriorityQueue.initialize(PriorityQueue.java:108)
         at 
org.apache.solr.handler.component.ShardFieldSortedHitQueue.<init>(ShardDoc.java:139)
         at 
org.apache.solr.handler.component.QueryComponent.mergeIds(QueryComponent.java:712)
         at 
org.apache.solr.handler.component.QueryComponent.handleRegularResponses(QueryComponent.java:571)
         at 
org.apache.solr.handler.component.QueryComponent.handleResponses(QueryComponent.java:550)
         at 
org.apache.solr.handler.component.SearchHandler.handleRequestBody(SearchHandler.java:289)
         at 
org.apache.solr.handler.RequestHandlerBase.handleRequest(RequestHandlerBase.java:208)
         at org.apache.solr.core.SolrCore.execute(SolrCore.java:1372)
         at 
org.apache.solr.servlet.SolrDispatchFilter.execute(SolrDispatchFilter.java:356)
         at 
org.apache.solr.servlet.SolrDispatchFilter.doFilter(SolrDispatchFilter.java:252)
         at 
org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1212)
         at 
org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:399)
         at 
org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216)
         at 
org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:182)
         at 
org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:766)
         at 
org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:450)
         at 
org.mortbay.jetty.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:230)
         at 
org.mortbay.jetty.handler.HandlerCollection.handle(HandlerCollection.java:114)
         at 
org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
         at org.mortbay.jetty.Server.handle(Server.java:326)
         at 
org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:542)
         at 
org.mortbay.jetty.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:928)
         at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:549)
         at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:212)
         at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:404)
         at 
org.mortbay.jetty.bio.SocketConnector$Connection.run(SocketConnector.java:228)
         at 
org.mortbay.thread.QueuedThreadPool$PoolThread.run(QueuedThreadPool.java:582)


Later exceptions:

Dec 21, 2012 12:24:37 AM org.apache.solr.common.SolrException log
SEVERE: org.mortbay.jetty.EofException
         at org.mortbay.jetty.HttpGenerator.flush(HttpGenerator.java:791)
         at 
org.mortbay.jetty.AbstractGenerator$Output.flush(AbstractGenerator.java:569)
         at 
org.mortbay.jetty.HttpConnection$Output.flush(HttpConnection.java:1012)
         at sun.nio.cs.StreamEncoder.implFlush(StreamEncoder.java:278)
         at sun.nio.cs.StreamEncoder.flush(StreamEncoder.java:122)
         at java.io.OutputStreamWriter.flush(OutputStreamWriter.java:212)
         at 
org.apache.solr.common.util.FastWriter.flush(FastWriter.java:115)
         at 
org.apache.solr.servlet.SolrDispatchFilter.writeResponse(SolrDispatchFilter.java:344)
         at 
org.apache.solr.servlet.SolrDispatchFilter.doFilter(SolrDispatchFilter.java:265)
         at 
org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1212)
         at 
org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:399)
         at 
org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216)
         at 
org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:182)
         at 
org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:766)
         at 
org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:450)
         at 
org.mortbay.jetty.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:230)
         at 
org.mortbay.jetty.handler.HandlerCollection.handle(HandlerCollection.java:114)
         at 
org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
         at org.mortbay.jetty.Server.handle(Server.java:326)
         at 
org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:542)
         at 
org.mortbay.jetty.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:928)
         at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:549)
         at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:212)
         at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:404)
         at 
org.mortbay.jetty.bio.SocketConnector$Connection.run(SocketConnector.java:228)
         at 
org.mortbay.thread.QueuedThreadPool$PoolThread.run(QueuedThreadPool.java:582)
Caused by: java.net.SocketException: Broken pipe
         at java.net.SocketOutputStream.socketWrite0(Native Method)
         at 
java.net.SocketOutputStream.socketWrite(SocketOutputStream.java:92)
         at java.net.SocketOutputStream.write(SocketOutputStream.java:136)
         at org.mortbay.io.ByteArrayBuffer.writeTo(ByteArrayBuffer.java:368)
         at org.mortbay.io.bio.StreamEndPoint.flush(StreamEndPoint.java:129)
         at org.mortbay.io.bio.StreamEndPoint.flush(StreamEndPoint.java:161)
         at org.mortbay.jetty.HttpGenerator.flush(HttpGenerator.java:714)
         ... 25 more



Mime
View raw message