Uploaded image for project: 'Solr'
  1. Solr
  2. SOLR-13198

NullPointerException in org.apache.solr.search.QParser.getParser

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Duplicate
    • Affects Version/s: main (9.0)
    • Fix Version/s: None
    • Component/s: None
    • Labels:
    • Environment:

      Description

      Requesting the following URL causes Solr to return an HTTP 500 error response:

      http://localhost:8983/solr/films/select?defType=xxx
      

      The error response seems to be caused by the following uncaught exception:

      java.lang.NullPointerException
      	at org.apache.solr.search.QParser.getParser(QParser.java:367)
      	at org.apache.solr.search.QParser.getParser(QParser.java:319)
      	at org.apache.solr.handler.component.QueryComponent.prepare(QueryComponent.java:157)
      	at org.apache.solr.handler.component.SearchHandler.handleRequestBody(SearchHandler.java:272)
      	at org.apache.solr.handler.RequestHandlerBase.handleRequest(RequestHandlerBase.java:199)
      	at org.apache.solr.core.SolrCore.execute(SolrCore.java:2559)
      [...]
      

      The problem seems to be related to the input validation of parameter defType. Method org.apache.solr.search.QParser.getParser() retrieves a QParserPlugin at line 366, but the parserName is xxx and the returned plugin is null. Immediately after (line 367) this plugin is used, thus triggering the NPE. The null pointer should probably be checked before it's used.

      I think this is the example bug we described in the video attached to this blog post. We found this bug and 70 more like this using Diffblue Microservices Testing. Check the blog post to learn more about this fuzz testing campaign we are running.

        Attachments

        1. home.zip
          376 kB
          Cesar Rodriguez

          Issue Links

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                cesar.rodriguez Cesar Rodriguez
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: