[
https://issues.apache.org/jira/browse/LUCENE-8164?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16356341#comment-16356341
]
Robert Muir commented on LUCENE-8164:
-------------------------------------
And the bug in PayloadAttributeImpl.copyTo boils down to the use of the
horrible Arrays.copyOfRange method in BytesRef.deepCopyOf:
{noformat}
The final index of the range (to), which must be greater than or equal to from,
may be greater than original.length, in which case (byte)0 is placed in all
elements of the copy whose index is greater than or equal to original.length -
from.
{noformat}
We can't use such methods, or we never know we wrote the correct stuff. it
needs to be banned with forbidden APIs.
> IndexWriter silently accepts broken payload
> -------------------------------------------
>
> Key: LUCENE-8164
> URL: https://issues.apache.org/jira/browse/LUCENE-8164
> Project: Lucene - Core
> Issue Type: Bug
> Reporter: Robert Muir
> Priority: Major
> Attachments: LUCENE-8164_test.patch
>
>
> IndexWriter seems to be missing bounds checks for payloads completely.
> If you pass a "broken" payload (e.g. BytesRef's offset + length is out of
> bounds), it will silently index it as if nothing went wrong. What actually
> happens? Doesn't matter, we should be getting an exception.
>
>
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
