Re: pointers to subtle Lucene bugs

2015-11-25 Thread Eslam Elnikety
Thanks a lot, Robert. This is the kind of bug I am after.

Mike, thanks for the pointer (interesting bug!). You are right. By "subtle"
I mean their impact could have been overlooked (no crash/exception). If
Lucene was able to search despite a missing segment --it seems to me that
Lucene will always throw an exception, right?--, then that bug would
qualify.

On Wed, Nov 25, 2015 at 3:49 PM, Michael McCandless <
luc...@mikemccandless.com> wrote:

> I like this one:
>
> https://issues.apache.org/jira/browse/LUCENE-5904
>
> As far as I know, it was not hit by user(s), but it was a real
> vulnerability when Lucene operates in a hostile environment where an
> adversarial virus checker can hold certain files open at "bad times"
> for Lucene.
>
> In such cases it could cause Lucene to delete files that would then
> corrupt its index, sort of a DOS attack.
>
> But I'm not sure this bug qualifies?  It seems like you are looking
> for bugs that are much more subtle in their impact?
>
> Mike McCandless
>
> http://blog.mikemccandless.com
>
>
> On Wed, Nov 25, 2015 at 9:21 AM, Robert Muir  wrote:
> > I like this one (never released)
> > https://issues.apache.org/jira/browse/LUCENE-3575
> >
> > the basics are that fields in lucene have numbers, but if code mixes
> > these up (e.g. in an optimization), then data can "move" to different
> > field.
> >
> > Maybe there were other real corruption bugs along the same lines with
> > bulk merge.
> >
> > On Wed, Nov 25, 2015 at 9:08 AM, Eslam Elnikety
> >  wrote:
> >> Hi everyone,
> >>
> >> This is a question about your experience with bugs that silently make the
> >> application produce wrong results.
> >>
> >> I am developing a tool that prevents search engines from leaking sensitive
> >> information when they start misbehaving due to bugs/misconfigurations. I am
> >> trying to get better understanding of these bugs. If you recall bugs (e.g.,
> >> wrong/corrupt index, incorrect query parsing, ..) that result in wrong
> >> results or another strange silent behavior, it will be great if you share
> >> them with me. This will be extremely helpful.
> >>
> >> Here is an example of the kind of bugs I am looking for:
> >> https://issues.apache.org/jira/browse/LUCENE-2756
> >>
> >> Thanks!
> >>
> >> -- Eslam


Re: pointers to subtle Lucene bugs

2015-11-25 Thread Michael McCandless
I like this one:

https://issues.apache.org/jira/browse/LUCENE-5904

As far as I know, it was not hit by user(s), but it was a real
vulnerability when Lucene operates in a hostile environment where an
adversarial virus checker can hold certain files open at "bad times"
for Lucene.

In such cases it could cause Lucene to delete files that would then
corrupt its index, sort of a DOS attack.

But I'm not sure this bug qualifies?  It seems like you are looking
for bugs that are much more subtle in their impact?

Mike McCandless

http://blog.mikemccandless.com


On Wed, Nov 25, 2015 at 9:21 AM, Robert Muir  wrote:
> I like this one (never released)
> https://issues.apache.org/jira/browse/LUCENE-3575
>
> the basics are that fields in lucene have numbers, but if code mixes
> these up (e.g. in an optimization), then data can "move" to different
> field.
>
> Maybe there were other real corruption bugs along the same lines with
> bulk merge.
>
> On Wed, Nov 25, 2015 at 9:08 AM, Eslam Elnikety
>  wrote:
>> Hi everyone,
>>
>> This is a question about your experience with bugs that silently make the
>> application produce wrong results.
>>
>> I am developing a tool that prevents search engines from leaking sensitive
>> information when they start misbehaving due to bugs/misconfigurations. I am
>> trying to get better understanding of these bugs. If you recall bugs (e.g.,
>> wrong/corrupt index, incorrect query parsing, ..) that result in wrong
>> results or another strange silent behavior, it will be great if you share
>> them with me. This will be extremely helpful.
>>
>> Here is an example of the kind of bugs I am looking for:
>> https://issues.apache.org/jira/browse/LUCENE-2756
>>
>> Thanks!
>>
>> -- Eslam



Re: pointers to subtle Lucene bugs

2015-11-25 Thread Robert Muir
I like this one (never released)
https://issues.apache.org/jira/browse/LUCENE-3575

the basics are that fields in lucene have numbers, but if code mixes
these up (e.g. in an optimization), then data can "move" to different
field.

Maybe there were other real corruption bugs along the same lines with
bulk merge.

On Wed, Nov 25, 2015 at 9:08 AM, Eslam Elnikety
 wrote:
> Hi everyone,
>
> This is a question about your experience with bugs that silently make the
> application produce wrong results.
>
> I am developing a tool that prevents search engines from leaking sensitive
> information when they start misbehaving due to bugs/misconfigurations. I am
> trying to get better understanding of these bugs. If you recall bugs (e.g.,
> wrong/corrupt index, incorrect query parsing, ..) that result in wrong
> results or another strange silent behavior, it will be great if you share
> them with me. This will be extremely helpful.
>
> Here is an example of the kind of bugs I am looking for:
> https://issues.apache.org/jira/browse/LUCENE-2756
>
> Thanks!
>
> -- Eslam
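
An added illustration of the field-number mix-up Robert Muir describes in the message above, not code from Lucene or from this thread: a simplified model in which a bulk merge copies numbered records between segments, with and without a check that the segments agree on numbering. The segment layout, function names and sample values are constructed assumptions.

```python
# Simplified model (constructed for illustration; not Lucene code or its file format).
# A "segment" stores each document as {field_number: value} plus its own
# name -> number table. A merge can remap by name (slow path) or copy the
# numbered records unchanged (bulk path).

def merge_by_name(segments):
    """Slow path: resolve every field number back to its name, then renumber."""
    merged_numbers, docs = {}, []
    for seg in segments:
        names = {num: name for name, num in seg["fields"].items()}
        for doc in seg["docs"]:
            out = {}
            for num, value in doc.items():
                new_num = merged_numbers.setdefault(names[num], len(merged_numbers))
                out[new_num] = value
            docs.append(out)
    return {"fields": merged_numbers, "docs": docs}

def bulk_merge(segments, check_numbering=True):
    """Bulk path: copy records verbatim under the first segment's numbering.
    Only valid when every segment uses an identical name -> number table."""
    numbering = segments[0]["fields"]
    if check_numbering and any(s["fields"] != numbering for s in segments):
        return merge_by_name(segments)  # fall back rather than mislabel data
    docs = [dict(d) for s in segments for d in s["docs"]]
    return {"fields": dict(numbering), "docs": docs}

def read(segment, doc_id, field):
    """Look up a field by name, the way a search result would be rendered."""
    return segment["docs"][doc_id].get(segment["fields"].get(field))

# Constructed sample: the two segments number the same fields differently.
SEG_A = {"fields": {"title": 0, "ssn": 1},
         "docs": [{0: "public memo", 1: "111-11-1111"}]}
SEG_B = {"fields": {"ssn": 0, "title": 1},
         "docs": [{0: "222-22-2222", 1: "draft"}]}

if __name__ == "__main__":
    unchecked = bulk_merge([SEG_A, SEG_B], check_numbering=False)
    checked = bulk_merge([SEG_A, SEG_B])
    # No exception is raised in either case; only the returned value differs.
    print("unchecked title of doc 1:", read(unchecked, 1, "title"))
    print("checked title of doc 1:  ", read(checked, 1, "title"))
```

In the unchecked merge the value stored under "ssn" is returned as the "title" of document 1 without any error, which is the silent wrong-result behaviour the original question asks about.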
