Details
-
Bug
-
Status: Open
-
Minor
-
Resolution: Unresolved
-
9.0
-
None
-
None
-
Steps to reproduce
- Use a Linux machine.
- Build commit ea2c8ba of Solr as described in the section below.
- Build the films collection as described below.
- Start the server using the command ./bin/solr start -f -p 8983 -s /tmp/home
- Request the URL given in the bug description.
Compiling the server
git clone https://github.com/apache/lucene-solr cd lucene-solr git checkout ea2c8ba ant compile cd solr ant server
Building the collection
We followed Exercise 2 from the Solr Tutorial. The attached file (home.zip) gives the contents of folder /tmp/home that you will obtain by following the steps below:
mkdir -p /tmp/home echo '<?xml version="1.0" encoding="UTF-8" ?><solr></solr>' > /tmp/home/solr.xml
In one terminal start a Solr instance in foreground:
./bin/solr start -f -p 8983 -s /tmp/home
In another terminal, create a collection of movies, with no shards and no replication, and initialize it:
bin/solr create -c films curl -X POST -H 'Content-type:application/json' --data-binary '{"add-field": {"name":"name", "type":"text_general", "multiValued":false, "stored":true}}' http://localhost:8983/solr/films/schema curl -X POST -H 'Content-type:application/json' --data-binary '{"add-copy-field" : {"source":"*","dest":"_text_"}}' http://localhost:8983/solr/films/schema ./bin/post -c films example/films/films.jsonSteps to reproduce Use a Linux machine. Build commit ea2c8ba of Solr as described in the section below. Build the films collection as described below. Start the server using the command ./bin/solr start -f -p 8983 -s /tmp/home Request the URL given in the bug description. Compiling the server git clone https://github.com/apache/lucene-solr cd lucene-solr git checkout ea2c8ba ant compile cd solr ant server Building the collection We followed Exercise 2 from the Solr Tutorial . The attached file ( home.zip ) gives the contents of folder /tmp/home that you will obtain by following the steps below: mkdir -p /tmp/home echo '<?xml version="1.0" encoding="UTF-8" ?><solr></solr>' > /tmp/home/solr.xml In one terminal start a Solr instance in foreground: ./bin/solr start -f -p 8983 -s /tmp/home In another terminal, create a collection of movies, with no shards and no replication, and initialize it: bin/solr create -c films curl -X POST -H 'Content-type:application/json' --data-binary '{"add-field": {"name":"name", "type":"text_general", "multiValued":false, "stored":true}}' http://localhost:8983/solr/films/schema curl -X POST -H 'Content-type:application/json' --data-binary '{"add-copy-field" : {"source":"*","dest":"_text_"}}' http://localhost:8983/solr/films/schema ./bin/post -c films example/films/films.json
Description
Requesting the following URL causes Solr to return an HTTP 500 error response:
http://localhost:8983/solr/films/select?q={!parent%20fq={!collapse%20field=id}&rentDocument}
The error response seems to be caused by the following uncaught exception:
ERROR (qtp689401025-21) [ x:films] o.a.s.s.HttpSolrCall null:java.lang.NullPointerException at org.apache.lucene.search.IndexSearcher.rewrite(IndexSearcher.java:667) at org.apache.lucene.search.join.QueryBitSetProducer.getBitSet(QueryBitSetProducer.java:73) at org.apache.solr.search.join.BlockJoinParentQParser$BitDocIdSetFilterWrapper.getDocIdSet(BlockJoinParentQParser.java:135) at org.apache.solr.search.SolrConstantScoreQuery$ConstantWeight.scorer(SolrConstantScoreQuery.java:99) at org.apache.lucene.search.Weight.bulkScorer(Weight.java:177) at org.apache.lucene.search.IndexSearcher.search(IndexSearcher.java:649) at org.apache.lucene.search.IndexSearcher.search(IndexSearcher.java:443) at org.apache.solr.search.SolrIndexSearcher.buildAndRunCollectorChain(SolrIndexSearcher.java:200) at org.apache.solr.search.SolrIndexSearcher.getDocListNC(SolrIndexSearcher.java:1604) at org.apache.solr.search.SolrIndexSearcher.getDocListC(SolrIndexSearcher.java:1420) at org.apache.solr.search.SolrIndexSearcher.search(SolrIndexSearcher.java:567) at org.apache.solr.handler.component.QueryComponent.doProcessUngroupedSearch(QueryComponent.java:1434) at org.apache.solr.handler.component.QueryComponent.process(QueryComponent.java:373) at org.apache.solr.handler.component.SearchHandler.handleRequestBody(SearchHandler.java:298) at org.apache.solr.handler.RequestHandlerBase.handleRequest(RequestHandlerBase.java:199) at org.apache.solr.core.SolrCore.execute(SolrCore.java:2559) at org.apache.solr.servlet.HttpSolrCall.execute(HttpSolrCall.java:711) at org.apache.solr.servlet.HttpSolrCall.call(HttpSolrCall.java:516) at org.apache.solr.servlet.SolrDispatchFilter.doFilter(SolrDispatchFilter.java:394) at org.apache.solr.servlet.SolrDispatchFilter.doFilter(SolrDispatchFilter.java:340) [...]
In org/apache/lucene/search/join/QueryBitSetProducer.java[73] there is called
method 'org.apache.lucene.search.IndexSearcher.rewrite' with null value stored
in the member 'query'. Inside the called method there is method 'rewrite' on the
accepted argument.
The member 'query' of QueryBitSetProducer is initialised only once (i.e. only for
the first query issued; for subsequent queries it is not created again) from
'org.apache.solr.search.join.BlockJoinParentQParser.getCachedFilter'
(org/apache/solr/search/join/BlockJoinParentQParser.java[98]), where is
called 'createParentFilter' with null.
---------------------------
We found this bug using Diffblue Microservices Testing. Find more information on this fuzz testing campaign.
Attachments
Attachments
Issue Links
- links to
