[BUG] Some XContent "parsing" exceptions in SearchSourceBuilder#parseXContent return 500 status

[dbwiddis]

Describe the bug

The SearchSourceBuilder class parseXContent() method returns 500 (Internal Server Error) for some types of parsing errors, because those errors throw exception types which are not converted to 400 (Bad Request) by ExceptionsHelper.status(). Specific exceptions seen include:

• com.fasterxml.jackson.core.exc.InputCoercionException (Exception type for read-side problems that are not direct decoding ("parsing") problems (those would be reported as JsonParseExceptions), but rather result from failed attempts to convert specific Java value out of valid but incompatible input value. One example is numeric coercions where target number type's range does not allow mapping of too large/too small input value.)
• IllegalStateException (thrown when XContentParser.getText() throws an exception)

As these exceptions are from invalid user input, a 400 (Bad Request) error would be more appropriate.

Related component

Search

To Reproduce

1. Add a document to an index

POST https://localhost:9200/test/_doc
{
    "hello": "world"
}

2. Search that index with a "size" field (unquoted) numeric value exceeding max integer value

GET https://localhost:9200/test/_search
{
    "query": {
        "match_all" : {}
    },
    "size": 2147483648
}

3. Observe a 500 REST Status code:

{
    "error": {
        "root_cause": [
            {
                "type": "input_coercion_exception",
                "reason": "Numeric value (2147483648) out of range of int (-2147483648 - 2147483647)\n at [Source: REDACTED (`StreamReadFeature.INCLUDE_SOURCE_IN_LOCATION` disabled); line: 5, column: 23]"
            }
        ],
        "type": "input_coercion_exception",
        "reason": "Numeric value (2147483648) out of range of int (-2147483648 - 2147483647)\n at [Source: REDACTED (`StreamReadFeature.INCLUDE_SOURCE_IN_LOCATION` disabled); line: 5, column: 23]"
    },
    "status": 500
}

4. Search with any query type that acceps a list of fields to search across (multi_match, query_string, simple_query_string) with a null field:

GET https://localhost:9200/test/_search
{
  "query": {
    "query_string": {
      "query": "world",
      "fields": ["hello", null]
    }
  }
}

5. Observe a 500 REST Status code:

{
    "error": {
        "root_cause": [
            {
                "type": "illegal_state_exception",
                "reason": "Can't get text on a VALUE_NULL at 5:27"
            }
        ],
        "type": "illegal_state_exception",
        "reason": "Can't get text on a VALUE_NULL at 5:27"
    },
    "status": 500
}

Expected behavior

The HTTP 400 Bad Request client error response status code indicates that the server would not process the request due to something the server considered to be a client error. The reason for a 400 response is typically due to malformed request syntax, invalid request message framing, or deceptive request routing.

Additional Details

Host/Environment (please complete the following information):

• Latest 3.0.0 docker image

{
    "name": "07cf024391bd",
    "cluster_name": "docker-cluster",
    "cluster_uuid": "FI7ikOjxSxaGiEHSQPEndA",
    "version": {
        "distribution": "opensearch",
        "number": "3.0.0",
        "build_type": "tar",
        "build_hash": "a8b1734fa8ea43d8fb1d13cf49be54a3dc0df7e5",
        "build_date": "2025-04-28T17:45:42.608109296Z",
        "build_snapshot": false,
        "lucene_version": "10.1.0",
        "minimum_wire_compatibility_version": "2.19.0",
        "minimum_index_compatibility_version": "2.0.0"
    },
    "tagline": "The OpenSearch Project: https://opensearch.org/"
}