Posted to dev@lucene.apache.org by "Michael Lawley (JIRA)" <ji...@apache.org> on 2015/12/24 01:52:46 UTC

[jira] [Created] (LUCENE-6948) ArrayIndexOutOfBoundsException in PagedBytes$Reader.fill

Michael Lawley created LUCENE-6948:
--------------------------------------

             Summary: ArrayIndexOutOfBoundsException in PagedBytes$Reader.fill
                 Key: LUCENE-6948
                 URL: https://issues.apache.org/jira/browse/LUCENE-6948
             Project: Lucene - Core
          Issue Type: Bug
          Components: core/search
    Affects Versions: 4.10.4
            Reporter: Michael Lawley


With a very large index (in our case > 10G), we are seeing exceptions like:

java.lang.ArrayIndexOutOfBoundsException: -62400
	at org.apache.lucene.util.PagedBytes$Reader.fill(PagedBytes.java:116)
	at org.apache.lucene.search.FieldCacheImpl$BinaryDocValuesImpl$1.get(FieldCacheImpl.java:1342)
	at org.apache.lucene.search.join.TermsCollector$SV.collect(TermsCollector.java:106)
	at org.apache.lucene.search.Weight$DefaultBulkScorer.scoreAll(Weight.java:193)
	at org.apache.lucene.search.Weight$DefaultBulkScorer.score(Weight.java:163)
	at org.apache.lucene.search.BulkScorer.score(BulkScorer.java:35)
	at org.apache.lucene.search.IndexSearcher.search(IndexSearcher.java:621)
	at org.apache.lucene.search.IndexSearcher.search(IndexSearcher.java:309)

The code in question is trying to allocate an array with a negative size.  We believe the source of the error is in org.apache.lucene.search.FieldCacheImpl$BinaryDocValuesImpl$1.get where the following code occurs:

          final int pointer = (int) docToOffset.get(docID);
          if (pointer == 0) {
            term.length = 0;
          } else {
            bytes.fill(term, pointer);
          }

The cast to int will break if the (long) result of docToOffset.get is too large, and is unnecessary in the first place since bytes.fill takes a long as its second parameter.

Proposed fix:

          final long pointer = docToOffset.get(docID);
          if (pointer == 0) {
            term.length = 0;
          } else {
            bytes.fill(term, pointer);
          }





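Added example, not part of the original report and not Lucene source: a stand-alone Java sketch of the narrowing cast described above, comparing the block index a paged reader derives when the caller casts the stored offset to int with the index it derives when the offset stays a long. The class and method names, the 15-bit block size and the sample offsets are assumptions made for illustration; the largest offset is constructed so that, under that assumed block size, the wrapped index equals the -62400 in the stack trace.

```java
// Added illustration, not Lucene code. BLOCK_BITS and all offsets are assumed/constructed.
public class PointerTruncationDemo {
    static final int BLOCK_BITS = 15; // assumed block size of 32 KiB

    /** Block index as a paged reader would derive it from a long start offset. */
    static int blockIndex(long start) {
        return (int) (start >> BLOCK_BITS);
    }

    /** Caller that narrows first, as in the reported code path. */
    static int indexViaIntPointer(long storedOffset) {
        final int pointer = (int) storedOffset; // wraps silently above Integer.MAX_VALUE
        return blockIndex(pointer);             // sign-extended back to long: stays negative
    }

    /** Caller that keeps the offset as a long, as in the proposed fix. */
    static int indexViaLongPointer(long storedOffset) {
        return blockIndex(storedOffset);
    }

    /** Where an int really is required, narrow with an explicit overflow check. */
    static int checkedNarrow(long value) {
        return Math.toIntExact(value); // throws ArithmeticException instead of wrapping
    }

    public static void main(String[] args) {
        long big = 2_250_244_096L; // constructed offset just past 2 GiB
        long[] offsets = { 1_000L, Integer.MAX_VALUE, big };
        for (long off : offsets) {
            System.out.printf("offset=%d  int-cast index=%d  long index=%d%n",
                    off, indexViaIntPointer(off), indexViaLongPointer(off));
        }

        byte[][] blocks = new byte[4][]; // tiny stand-in for the page table
        try {
            byte[] block = blocks[indexViaIntPointer(big)];
            System.out.println("unexpected block: " + block);
        } catch (ArrayIndexOutOfBoundsException e) {
            System.out.println("lookup failed: " + e.getMessage());
        }

        try {
            checkedNarrow(big);
        } catch (ArithmeticException e) {
            System.out.println("checked narrowing rejected the offset: " + e.getMessage());
        }
    }
}
```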