Uploaded image for project: 'Solr'
  1. Solr
  2. SOLR-3628

SolrDocument uses user-provided collections unsafely

Attach filesAttach ScreenshotVotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments


    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.6, 4.0-ALPHA
    • Fix Version/s: 4.0, 6.0
    • Component/s: clients - java
    • Labels:
    • Environment:

      Mac OS X 10.7.4, Java 6


      Adding a RO Collection as the value of a field (ie. SolrDocument or SolrInputField) will result in an UnsupportedOperationException later on when adding more values to that field.

      This happens because no defensive copy of collections are made. Instead, if a collection is given first, then it becomes the backing collection for the field. This can cause problems if the collection is modified after the fact or if a read-only collection is given (eg. Collection.unmodifiableList(...)).

      It can be reproduced with:

      SolrDocument doc = new SolrDocument()
      doc.addField("v", Collections.unmodifiableList(new ArrayList<Object>()))
      doc.addField("v", "a")

      I've created a patch that includes a fix and a test with, essentially, the above. The patch just ensures that SolrDocument and SolrInputField always use a Collection they created as the value, rather than relying on what was given to them.


        1. solrdoc-ro-list-bug.patch
          2 kB
          Tom Switzer
        2. solrdoc-ro-list-bug-comp.patch
          4 kB
          Tom Switzer
        3. SOLR-3628.patch
          5 kB
          Chris M. Hostetter



            • Assignee:
              hossman Chris M. Hostetter
              tixxit Tom Switzer


              • Created:

                Issue deployment