I like this one: https://issues.apache.org/jira/browse/LUCENE-5904
As far as I know, it was not hit by user(s), but it was a real vulnerability when Lucene operates in a hostile environment where an adversarial virus checker can hold certain files open a "bad times" for Lucene. In such cases it could cause Lucene to delete files that would the corrupt its index, sort of a DOS attack. But I'm not sure this bug qualifies? It seems like you are looking for bugs that are much more subtle in their impact? Mike McCandless http://blog.mikemccandless.com On Wed, Nov 25, 2015 at 9:21 AM, Robert Muir <[email protected]> wrote: > I like this one (never released) > https://issues.apache.org/jira/browse/LUCENE-3575 > > the basics are that fields in lucene have numbers, but if code mixes > these up (e.g. in an optimization), then data can "move" to different > field. > > Maybe there were other real corruption bugs along the same lines with > bulk merge. > > On Wed, Nov 25, 2015 at 9:08 AM, Eslam Elnikety > <[email protected]> wrote: >> Hi everyone, >> >> This is a question about your experience with bugs that silently make the >> application produce wrong results. >> >> I am developing a tool that prevents search engines from leaking sensitive >> information when they start misbehaving due to bugs/misconfigurations. I am >> trying to get better understanding of these bugs. If you recall bugs (e.g., >> wrong/corrupt index, incorrect query parsing, ..) that result in wrong >> results or another strange silent behavior, it will be great if you share >> them with me. This will be extremely helpful. >> >> Here is an example of the kind of bugs I am looking for: >> https://issues.apache.org/jira/browse/LUCENE-2756 >> >> Thanks! >> >> -- Eslam > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
