Issue 3340: Uploading project.config with bad regexp borks the gerrit server
Status:  New
Owner: ----
Reported by r.d.f.ch...@gmail.com, Apr 27, 2015
*****************************************************************
*****                                                       *****
***** !!!! THIS BUG TRACKER IS FOR GERRIT CODE REVIEW !!!!  *****
*****                                                       *****
***** DO NOT SUBMIT BUGS FOR CHROME, ANDROID, CYANOGENMOD,  *****
***** INTERNAL ISSUES WITH YOUR COMPANY'S GERRIT SETUP, ETC.*****
*****                                                       *****
*****   THOSE ISSUES BELONG IN DIFFERENT ISSUE TRACKERS     *****
*****                                                       *****
*****************************************************************

Affected Version:

What steps will reproduce the problem?
1. A user cloned project.config from refs/meta/config
2. The user added a rule using regexp and ${username} refs; e.g. [access "^refs/heads/(A|B|C)/users/${username}/.*"]
3. The user pushed the change and updated refs/meta/config 

What is the expected output? What do you see instead?

It would be nice if ${username} could be used with regexp; however my expectation is that it would be refused as per what happens in the GUI attempting to add that rule ("Code Review - Error Server Error -integer expected at position 27").

Instead the server is basically borked. Any attempt to even list projects results in "500 Internal server error" until someone with admin rights logs in to the box and manually rolls back refs/meta/config to point at the previous revision for the affected repository.

The user could not fix the problem because the server could not evaluate the access permissions to allow him to re-push.


Please provide any additional information below.

This happens with gerrit 2.10.3.1. Have not checked whether it is fixed in 2.11.

Server error log has lots of entries such as

[2015-04-27 16:38:19,762] ERROR com.google.gerrit.httpd.restapi.RestApiServlet : Error in GET /projects/?m=&n=26&type=ALL&d
java.lang.StringIndexOutOfBoundsException: String index out of range: -1
        at java.lang.String.substring(String.java:1911)
        at com.google.gerrit.server.project.RefPatternMatcher$ExpandParameters.<init>(RefPatternMatcher.java:94)
        at com.google.gerrit.server.project.RefPatternMatcher.getMatcher(RefPatternMatcher.java:26)
        at com.google.gerrit.server.project.SectionMatcher.wrap(SectionMatcher.java:30)
        at com.google.gerrit.server.project.ProjectState.getLocalAccessSections(ProjectState.java:273)
        at com.google.gerrit.server.project.ProjectState.getAllSections(ProjectState.java:296)
        at com.google.gerrit.server.project.ProjectControl.access(ProjectControl.java:464)
        at com.google.gerrit.server.project.ProjectControl.canPerformOnAnyRef(ProjectControl.java:402)
        at com.google.gerrit.server.project.ProjectControl.isVisible(ProjectControl.java:241)
        at com.google.gerrit.server.project.ListProjects.display(ListProjects.java:309)
        at com.google.gerrit.server.project.ListProjects.apply(ListProjects.java:242)
        at com.google.gerrit.server.project.ListProjects.apply(ListProjects.java:237)
        at com.google.gerrit.server.project.ListProjects.apply(ListProjects.java:75)
        at com.google.gerrit.httpd.restapi.RestApiServlet.service(RestApiServlet.java:306)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:725)
        at com.google.inject.servlet.ServletDefinition.doServiceImpl(ServletDefinition.java:279)
        at com.google.inject.servlet.ServletDefinition.doService(ServletDefinition.java:269)
        at com.google.inject.servlet.ServletDefinition.service(ServletDefinition.java:180)
        at com.google.inject.servlet.ManagedServletPipeline.service(ManagedServletPipeline.java:91)
        at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:85)
        at com.google.gerrit.pgm.http.jetty.GetUserFilter.doFilter(GetUserFilter.java:76)
        at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82)
        at com.google.gwtexpui.server.CacheControlFilter.doFilter(CacheControlFilter.java:70)
        at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82)
        at com.google.gerrit.httpd.RunAsFilter.doFilter(RunAsFilter.java:113)
        at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82)
        at com.google.gerrit.httpd.AllRequestFilter$FilterProxy$1.doFilter(AllRequestFilter.java:64)
        at com.google.gerrit.httpd.AllRequestFilter$FilterProxy.doFilter(AllRequestFilter.java:57)
        at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82)
        at com.google.gerrit.httpd.RequestContextFilter.doFilter(RequestContextFilter.java:75)
        at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82)
        at com.google.inject.servlet.ManagedFilterPipeline.dispatch(ManagedFilterPipeline.java:119)
        at com.google.inject.servlet.GuiceFilter$1.call(GuiceFilter.java:133)
        at com.google.inject.servlet.GuiceFilter$1.call(GuiceFilter.java:130)
        at com.google.inject.servlet.GuiceFilter$Context.call(GuiceFilter.java:203)
        at com.google.inject.servlet.GuiceFilter.doFilter(GuiceFilter.java:130)
        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1636)
        at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:564)
        at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:219)
        at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1111)
        at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:498)
        at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:183)
        at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1045)
        at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
        at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:98)
        at org.eclipse.jetty.server.handler.RequestLogHandler.handle(RequestLogHandler.java:92)
        at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:98)
        at org.eclipse.jetty.server.Server.handle(Server.java:461)
        at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:284)
        at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:244)
        at org.eclipse.jetty.io.AbstractConnection$2.run(AbstractConnection.java:534)
        at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:607)
        at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:536)
        at java.lang.Thread.run(Thread.java:745)