From fa0cd40ac1cfad976250fd56d739d24b98d75bd2 Mon Sep 17 00:00:00 2001 From: GreatWyrm Date: Sun, 24 Mar 2024 22:47:12 -0700 Subject: [PATCH] Add bounds check to CreativeInventoryListener (#2042) * Add bounds check to CreativeInventoryListener * Add test and change bounds check to exclude crafting output slot --- .../CreativeInventoryActionListener.java | 5 +++ .../inventory/PlayerCreativeSlotTest.java | 42 +++++++++++++++++++ 2 files changed, 47 insertions(+) create mode 100644 src/test/java/net/minestom/server/inventory/PlayerCreativeSlotTest.java diff --git a/src/main/java/net/minestom/server/listener/CreativeInventoryActionListener.java b/src/main/java/net/minestom/server/listener/CreativeInventoryActionListener.java index b03e4f506..1554fd5bf 100644 --- a/src/main/java/net/minestom/server/listener/CreativeInventoryActionListener.java +++ b/src/main/java/net/minestom/server/listener/CreativeInventoryActionListener.java @@ -18,6 +18,11 @@ public final class CreativeInventoryActionListener { player.dropItem(item); return; } + // Bounds check + // 0 is crafting result inventory slot, ignore attempts to place into it + if (slot < 1 || slot > PlayerInventoryUtils.OFFHAND_SLOT) { + return; + } // Set item slot = (short) PlayerInventoryUtils.convertPlayerInventorySlot(slot, PlayerInventoryUtils.OFFSET); PlayerInventory inventory = player.getInventory(); diff --git a/src/test/java/net/minestom/server/inventory/PlayerCreativeSlotTest.java b/src/test/java/net/minestom/server/inventory/PlayerCreativeSlotTest.java new file mode 100644 index 000000000..a18215deb --- /dev/null +++ b/src/test/java/net/minestom/server/inventory/PlayerCreativeSlotTest.java @@ -0,0 +1,42 @@ +package net.minestom.server.inventory; + +import net.minestom.server.coordinate.Pos; +import net.minestom.server.entity.GameMode; +import net.minestom.server.item.ItemStack; +import net.minestom.server.item.Material; +import net.minestom.server.listener.CreativeInventoryActionListener; +import net.minestom.server.network.packet.client.play.ClientCreativeInventoryActionPacket; +import net.minestom.server.utils.inventory.PlayerInventoryUtils; +import net.minestom.testing.Env; +import net.minestom.testing.EnvTest; +import org.junit.jupiter.api.Test; + +import static org.junit.jupiter.api.Assertions.assertDoesNotThrow; +import static org.junit.jupiter.api.Assertions.assertEquals; + +@EnvTest +public class PlayerCreativeSlotTest { + + @Test + public void testCreativeSlots(Env env) { + var instance = env.createFlatInstance(); + var connection = env.createConnection(); + var player = connection.connect(instance, new Pos(0, 42, 0)).join(); + assertEquals(instance, player.getInstance()); + + player.setGameMode(GameMode.CREATIVE); + player.addPacketToQueue(new ClientCreativeInventoryActionPacket((short) PlayerInventoryUtils.OFFHAND_SLOT, ItemStack.of(Material.STICK))); + player.interpretPacketQueue(); + assertEquals(Material.STICK, player.getInventory().getItemInOffHand().material()); + } + + @Test + public void testBoundsCheck(Env env) { + var instance = env.createFlatInstance(); + var connection = env.createConnection(); + var player = connection.connect(instance, new Pos(0, 42, 0)).join(); + player.setGameMode(GameMode.CREATIVE); + + assertDoesNotThrow(() -> CreativeInventoryActionListener.listener(new ClientCreativeInventoryActionPacket((short) 76, ItemStack.of(Material.OAK_LOG)), player)); + } +}