mirror of https://github.com/apache/lucene.git
LUCENE-8164: IndexWriter silently accepts broken payload.
This has been fixed via LUCENE-8165 since we are now checking for offset+length going out of bounds. Co-authored-by: Nhat Nguyen <nhat.nguyen@elastic.co> Co-authored-by: Robert Muir <rmuir@apache.org>
This commit is contained in:
parent
61e68ec1e8
commit
7eb74ac50f
|
@ -109,7 +109,11 @@ Optimizations
|
|||
|
||||
======================= Lucene 7.5.0 =======================
|
||||
|
||||
(No changes)
|
||||
Bug Fixes:
|
||||
|
||||
* LUCENE-8164: IndexWriter silently accepts broken payload. This has been fixed
|
||||
via LUCENE-8165 since we are now checking for offset+length going out of bounds.
|
||||
(Robert Muir, Nhat Nyugen, Simon Willnauer)
|
||||
|
||||
======================= Lucene 7.4.0 =======================
|
||||
|
||||
|
|
|
@ -49,6 +49,7 @@ import org.apache.lucene.analysis.CannedTokenStream;
|
|||
import org.apache.lucene.analysis.MockAnalyzer;
|
||||
import org.apache.lucene.analysis.MockTokenFilter;
|
||||
import org.apache.lucene.analysis.MockTokenizer;
|
||||
import org.apache.lucene.analysis.Token;
|
||||
import org.apache.lucene.analysis.TokenStream;
|
||||
import org.apache.lucene.analysis.Tokenizer;
|
||||
import org.apache.lucene.analysis.tokenattributes.CharTermAttribute;
|
||||
|
@ -3500,4 +3501,18 @@ public class TestIndexWriter extends LuceneTestCase {
|
|||
w.close();
|
||||
dir.close();
|
||||
}
|
||||
|
||||
public void testBrokenPayload() throws Exception {
|
||||
Directory d = newDirectory();
|
||||
IndexWriter w = new IndexWriter(d, newIndexWriterConfig(new MockAnalyzer(random())));
|
||||
Document doc = new Document();
|
||||
Token token = new Token("bar", 0, 3);
|
||||
BytesRef evil = new BytesRef(new byte[1024]);
|
||||
evil.offset = 1000; // offset + length is now out of bounds.
|
||||
token.setPayload(evil);
|
||||
doc.add(new TextField("foo", new CannedTokenStream(token)));
|
||||
expectThrows(IndexOutOfBoundsException.class, () -> w.addDocument(doc));
|
||||
w.close();
|
||||
d.close();
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue