On 12/21/2012 12:53 AM, Shawn Heisey wrote:
This is on Solr 3.5.0.
We are getting a java.lang.NegativeArraySizeException when our webapp
sends a query where the start parameter is set to a negative value. This
seems to set off a denial of service problem within Solr. I don't yet
know whether it's a mistake in coding, or whether some malicious user
has found an attack vector on our site.
My Solr 4.1 dev server doesn't seem to have a problem handling this. I
see a substantially similar exception when I send a similar request.
I have a clarification, at least for 4.1: That specific exception is
when it's a large negative number - larger than the numFound of the
query. With a small negative number, it's a different exception. I
won't be trying a small negative number on my 3.5 servers, they're in
production and I don't want to make them explode.
Thanks,
Shawn
