Thanks a lot, Robert. This is the kind of bugs I am after. Mike, thanks for the pointer (interesting bug!). You are right. By "subtle" I mean their impact could have been overlooked (no crash/exception). If Lucene was able to search despite a missing segment --it seems to me that Lucene will always throw an exception, right?--, then that bug would qualify.
On Wed, Nov 25, 2015 at 3:49 PM, Michael McCandless < luc...@mikemccandless.com> wrote: > I like this one: > > https://issues.apache.org/jira/browse/LUCENE-5904 > > As far as I know, it was not hit by user(s), but it was a real > vulnerability when Lucene operates in a hostile environment where an > adversarial virus checker can hold certain files open a "bad times" > for Lucene. > > In such cases it could cause Lucene to delete files that would the > corrupt its index, sort of a DOS attack. > > But I'm not sure this bug qualifies? It seems like you are looking > for bugs that are much more subtle in their impact? > > Mike McCandless > > http://blog.mikemccandless.com > > > On Wed, Nov 25, 2015 at 9:21 AM, Robert Muir <rcm...@gmail.com> wrote: > > I like this one (never released) > > https://issues.apache.org/jira/browse/LUCENE-3575 > > > > the basics are that fields in lucene have numbers, but if code mixes > > these up (e.g. in an optimization), then data can "move" to different > > field. > > > > Maybe there were other real corruption bugs along the same lines with > > bulk merge. > > > > On Wed, Nov 25, 2015 at 9:08 AM, Eslam Elnikety > > <eslam.elnik...@gmail.com> wrote: > >> Hi everyone, > >> > >> This is a question about your experience with bugs that silently make > the > >> application produce wrong results. > >> > >> I am developing a tool that prevents search engines from leaking > sensitive > >> information when they start misbehaving due to bugs/misconfigurations. > I am > >> trying to get better understanding of these bugs. If you recall bugs > (e.g., > >> wrong/corrupt index, incorrect query parsing, ..) that result in wrong > >> results or another strange silent behavior, it will be great if you > share > >> them with me. This will be extremely helpful. > >> > >> Here is an example of the kind of bugs I am looking for: > >> https://issues.apache.org/jira/browse/LUCENE-2756 > >> > >> Thanks! > >> > >> -- Eslam > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org > > For additional commands, e-mail: dev-h...@lucene.apache.org > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org > For additional commands, e-mail: dev-h...@lucene.apache.org > >
