From 1d360f3b3e7721ecd0f4fb7b75f0b0761ee1fcfb Mon Sep 17 00:00:00 2001 
From: Athishh <106370011+Athishh@users.noreply.github.com> Date: Mon, 7 Oct 2024 04:39:47 +0530 Subject: [PATCH] Fix possible crasher & console spammer (#2428) fixes an ArrayOutOfBounds packet exploit abusing ClientClickWindowPacket that spams console and could lead to a crash due to excess cpu usage. java.lang.ArrayIndexOutOfBoundsException: Index -1 out of bounds for length 46 at java.base/jdk.internal.util.Preconditions$2.apply(Preconditions.java:63) at java.base/jdk.internal.util.Preconditions$2.apply(Preconditions.java:60) at java.base/jdk.internal.util.Preconditions$4.apply(Preconditions.java:213) at java.base/jdk.internal.util.Preconditions$4.apply(Preconditions.java:210) at java.base/jdk.internal.util.Preconditions.outOfBounds(Preconditions.java:98) at java.base/jdk.internal.util.Preconditions.outOfBoundsCheckIndex(Preconditions.java:106) at java.base/jdk.internal.util.Preconditions.checkIndex(Preconditions.java:302) at java.base/java.lang.invoke.VarHandleReferences$Array.getVolatile(VarHandleReferences.java:604) at net.minestom.server.inventory.AbstractInventory.getItemStack(AbstractInventory.java:185) at net.minestom.server.inventory.PlayerInventory.changeHeld(PlayerInventory.java:250) at net.minestom.server.listener.WindowListener.clickWindowListener(WindowListener.java:54) at net.minestom.server.listener.manager.PacketListenerManager.lambda$setPlayListener$2(PacketListenerManager.java:163) at net.minestom.server.listener.manager.PacketListenerManager.processClientPacket(PacketListenerManager.java:132) at net.minestom.server.entity.Player.lambda$interpretPacketQueue$12(Player.java:2131) at org.jctools.queues.MpscArrayQueue.drain(MpscArrayQueue.java:512) at net.minestom.server.entity.Player.interpretPacketQueue(Player.java:2131) at java.base/java.util.concurrent.CopyOnWriteArrayList.forEach(CopyOnWriteArrayList.java:891) at java.base/java.util.concurrent.CopyOnWriteArraySet.forEach(CopyOnWriteArraySet.java:425) at 
net.minestom.server.network.ConnectionManager.tick(ConnectionManager.java:369) at net.minestom.server.ServerProcessImpl$TickerImpl.tick(ServerProcessImpl.java:37
---
 src/main/java/net/minestom/server/listener/WindowListener.java | 1 +
 1 file changed, 1 insertion(+)
diff --git a/src/main/java/net/minestom/server/listener/WindowListener.java b/src/main/java/net/minestom/server/listener/WindowListener.java
index 4f0aadbb2..682132a9b 100644
--- a/src/main/java/net/minestom/server/listener/WindowListener.java
+++ b/src/main/java/net/minestom/server/listener/WindowListener.java
@@ -51,6 +51,7 @@ public class WindowListener {
 } else if (clickType == ClientClickWindowPacket.ClickType.QUICK_MOVE) {
 successful = inventory.shiftClick(player, slot);
 } else if (clickType == ClientClickWindowPacket.ClickType.SWAP) {
+ if (slot < 0 || button < 0) return;
 successful = inventory.changeHeld(player, slot, button);
 } else if (clickType == ClientClickWindowPacket.ClickType.CLONE) {
 successful = player.getGameMode() == GameMode.CREATIVE;
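Review bot: The guard added in the SWAP branch rejects only negative values, so a `slot` or `button` at or above the inventory length, taken from the same client-controlled packet, would still reach `inventory.changeHeld(player, slot, button)`; the trace in the description shows that path ending in an unchecked array index in `AbstractInventory.getItemStack`. Unless `changeHeld` validates the upper bound itself (its body is not in this hunk), bound both sides, e.g. `if (slot < 0 || slot >= inventory.getSize() || button < 0) return;`, plus an upper limit on `button` that matches how `changeHeld` maps it to a slot. The QUICK_MOVE branch just above passes the same `slot` to `shiftClick` with no check and may need the same guard. The bare `return` also skips whatever follows the if-chain, which lies outside the hunk; if that code resynchronises the client's inventory after a failed click, assigning `successful = false;` in place of the call would be the safer way to reject the packet.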