From f7210b6236e3b25403922c49c359c24a1a4e765c Mon Sep 17 00:00:00 2001
From: Jake Potrebic <jake.m.potrebic@gmail.com>
Date: Thu, 25 Apr 2024 09:58:59 -0700
Subject: [PATCH] readd itemstack data sanitization

---
 ...oversized-item-data-in-equipment-and.patch | 158 ++++++++++++++++++
 ...oversized-item-data-in-equipment-and.patch |  88 ----------
 2 files changed, 158 insertions(+), 88 deletions(-)
 create mode 100644 patches/server/1038-Prevent-sending-oversized-item-data-in-equipment-and.patch
 delete mode 100644 removed-patches-1-20-5/0675-Prevent-sending-oversized-item-data-in-equipment-and.patch

diff --git a/patches/server/1038-Prevent-sending-oversized-item-data-in-equipment-and.patch b/patches/server/1038-Prevent-sending-oversized-item-data-in-equipment-and.patch
new file mode 100644
index 0000000000..b4e9766a75
--- /dev/null
+++ b/patches/server/1038-Prevent-sending-oversized-item-data-in-equipment-and.patch
@@ -0,0 +1,158 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Nassim Jahnke <nassim@njahnke.dev>
+Date: Wed, 1 Dec 2021 12:36:25 +0100
+Subject: [PATCH] Prevent sending oversized item data in equipment and metadata
+
+
+diff --git a/src/main/java/io/papermc/paper/util/DataSanitizationUtil.java b/src/main/java/io/papermc/paper/util/DataSanitizationUtil.java
+new file mode 100644
+index 0000000000000000000000000000000000000000..239d63d557638aa8efe95c0900d803c2a23ae361
+--- /dev/null
++++ b/src/main/java/io/papermc/paper/util/DataSanitizationUtil.java
+@@ -0,0 +1,46 @@
++package io.papermc.paper.util;
++
++import java.util.ArrayList;
++import java.util.List;
++import java.util.function.Function;
++import net.minecraft.network.RegistryFriendlyByteBuf;
++import net.minecraft.network.codec.StreamCodec;
++import net.minecraft.world.item.ItemStack;
++import net.minecraft.world.item.Items;
++import net.minecraft.world.item.component.BundleContents;
++import net.minecraft.world.item.component.ItemContainerContents;
++import org.checkerframework.checker.nullness.qual.NonNull;
++import org.checkerframework.framework.qual.DefaultQualifier;
++
++@DefaultQualifier(NonNull.class)
++public final class DataSanitizationUtil {
++
++    public static final ThreadLocal<Boolean> DATA_SANITIZATION = ThreadLocal.withInitial(() -> false);
++
++    public static final StreamCodec<RegistryFriendlyByteBuf, ItemContainerContents> STRIPPED_CONTAINER_STREAM_CODEC = ItemContainerContents.STREAM_CODEC.map(
++        Function.identity(),
++        contents -> DATA_SANITIZATION.get() ? ItemContainerContents.EMPTY : contents
++    );
++
++    public static StreamCodec<RegistryFriendlyByteBuf, BundleContents> STRIPPED_BUNDLE_STREAM_CODEC = BundleContents.STREAM_CODEC.map(
++        Function.identity(),
++        contents -> {
++            if (!DATA_SANITIZATION.get()) {
++                return contents;
++            }
++            // Bundles change their texture based on their fullness.
++            int sizeUsed = 0;
++            for (ItemStack item : contents.items()) {
++                int scale = 64 / item.getMaxStackSize();
++                sizeUsed += scale * item.getCount();
++            }
++            // Now we add a single fake item that uses the same amount of slots as all other items.
++            List<ItemStack> items = new ArrayList<>();
++            items.add(new ItemStack(Items.PAPER, sizeUsed));
++            return new BundleContents(items);
++        }
++    );
++
++    private DataSanitizationUtil() {
++    }
++}
+diff --git a/src/main/java/net/minecraft/core/component/DataComponents.java b/src/main/java/net/minecraft/core/component/DataComponents.java
+index 5632974af9c603d333ffc30a5a1b1e851821a3bb..1608e862055cfa3e2afc04b6d2355dc107cef229 100644
+--- a/src/main/java/net/minecraft/core/component/DataComponents.java
++++ b/src/main/java/net/minecraft/core/component/DataComponents.java
+@@ -142,7 +142,7 @@ public class DataComponents {
+         "charged_projectiles", builder -> builder.persistent(ChargedProjectiles.CODEC).networkSynchronized(ChargedProjectiles.STREAM_CODEC).cacheEncoding()
+     );
+     public static final DataComponentType<BundleContents> BUNDLE_CONTENTS = register(
+-        "bundle_contents", builder -> builder.persistent(BundleContents.CODEC).networkSynchronized(BundleContents.STREAM_CODEC).cacheEncoding()
++        "bundle_contents", builder -> builder.persistent(BundleContents.CODEC).networkSynchronized(io.papermc.paper.util.DataSanitizationUtil.STRIPPED_BUNDLE_STREAM_CODEC).cacheEncoding() // Paper - sanitize bundle contents
+     );
+     public static final DataComponentType<PotionContents> POTION_CONTENTS = register(
+         "potion_contents", builder -> builder.persistent(PotionContents.CODEC).networkSynchronized(PotionContents.STREAM_CODEC).cacheEncoding()
+@@ -206,7 +206,7 @@ public class DataComponents {
+         "pot_decorations", builder -> builder.persistent(PotDecorations.CODEC).networkSynchronized(PotDecorations.STREAM_CODEC).cacheEncoding()
+     );
+     public static final DataComponentType<ItemContainerContents> CONTAINER = register(
+-        "container", builder -> builder.persistent(ItemContainerContents.CODEC).networkSynchronized(ItemContainerContents.STREAM_CODEC).cacheEncoding()
++        "container", builder -> builder.persistent(ItemContainerContents.CODEC).networkSynchronized(io.papermc.paper.util.DataSanitizationUtil.STRIPPED_CONTAINER_STREAM_CODEC).cacheEncoding() // Paper - sanitize container contents
+     );
+     public static final DataComponentType<BlockItemStateProperties> BLOCK_STATE = register(
+         "block_state", builder -> builder.persistent(BlockItemStateProperties.CODEC).networkSynchronized(BlockItemStateProperties.STREAM_CODEC).cacheEncoding()
+diff --git a/src/main/java/net/minecraft/network/protocol/game/ClientboundSetEntityDataPacket.java b/src/main/java/net/minecraft/network/protocol/game/ClientboundSetEntityDataPacket.java
+index 59c1c103545f04fd35e6932df64a9910a1d74cd7..a5736685c1caddbc39085b5a13c2c720c41c835b 100644
+--- a/src/main/java/net/minecraft/network/protocol/game/ClientboundSetEntityDataPacket.java
++++ b/src/main/java/net/minecraft/network/protocol/game/ClientboundSetEntityDataPacket.java
+@@ -19,9 +19,11 @@ public record ClientboundSetEntityDataPacket(int id, List<SynchedEntityData.Data
+     }
+ 
+     private static void pack(List<SynchedEntityData.DataValue<?>> trackedValues, RegistryFriendlyByteBuf buf) {
++        try { io.papermc.paper.util.DataSanitizationUtil.DATA_SANITIZATION.set(true); // Paper - data sanitization
+         for (SynchedEntityData.DataValue<?> dataValue : trackedValues) {
+             dataValue.write(buf);
+         }
++        } finally { io.papermc.paper.util.DataSanitizationUtil.DATA_SANITIZATION.set(false); } // Paper - data sanitization
+ 
+         buf.writeByte(255);
+     }
+diff --git a/src/main/java/net/minecraft/network/protocol/game/ClientboundSetEquipmentPacket.java b/src/main/java/net/minecraft/network/protocol/game/ClientboundSetEquipmentPacket.java
+index e092a486c4041ab1cfe9e29c88d0d94528a6e9a6..b35a8605714eb0de084f2a1b303cbe4d534d189a 100644
+--- a/src/main/java/net/minecraft/network/protocol/game/ClientboundSetEquipmentPacket.java
++++ b/src/main/java/net/minecraft/network/protocol/game/ClientboundSetEquipmentPacket.java
+@@ -17,8 +17,14 @@ public class ClientboundSetEquipmentPacket implements Packet<ClientGamePacketLis
+     private static final byte CONTINUE_MASK = -128;
+     private final int entity;
+     private final List<Pair<EquipmentSlot, ItemStack>> slots;
+-
+     public ClientboundSetEquipmentPacket(int id, List<Pair<EquipmentSlot, ItemStack>> equipmentList) {
++        // Paper start - data sanitization
++        this(id, equipmentList, false);
++    }
++    private boolean santizize = false;
++    public ClientboundSetEquipmentPacket(int id, List<Pair<EquipmentSlot, ItemStack>> equipmentList, boolean sanitize) {
++        this.santizize = sanitize;
++        // Paper end - data sanitization
+         this.entity = id;
+         this.slots = equipmentList;
+     }
+@@ -41,6 +47,7 @@ public class ClientboundSetEquipmentPacket implements Packet<ClientGamePacketLis
+         buf.writeVarInt(this.entity);
+         int i = this.slots.size();
+ 
++        try { if (this.santizize) io.papermc.paper.util.DataSanitizationUtil.DATA_SANITIZATION.set(true); // Paper - data sanitization
+         for (int j = 0; j < i; j++) {
+             Pair<EquipmentSlot, ItemStack> pair = this.slots.get(j);
+             EquipmentSlot equipmentSlot = pair.getFirst();
+@@ -49,6 +56,7 @@ public class ClientboundSetEquipmentPacket implements Packet<ClientGamePacketLis
+             buf.writeByte(bl ? k | -128 : k);
+             ItemStack.OPTIONAL_STREAM_CODEC.encode(buf, pair.getSecond());
+         }
++        } finally { if (this.santizize) io.papermc.paper.util.DataSanitizationUtil.DATA_SANITIZATION.set(false); } // Paper - data sanitization
+     }
+ 
+     @Override
+diff --git a/src/main/java/net/minecraft/server/level/ServerEntity.java b/src/main/java/net/minecraft/server/level/ServerEntity.java
+index 4f103f731623a8570238a6867fda1c5f83fca4e4..5e377fd15c0efd2dc1e0919a97f4cdf6de56d681 100644
+--- a/src/main/java/net/minecraft/server/level/ServerEntity.java
++++ b/src/main/java/net/minecraft/server/level/ServerEntity.java
+@@ -353,7 +353,7 @@ public class ServerEntity {
+             }
+ 
+             if (!list.isEmpty()) {
+-                sender.accept(new ClientboundSetEquipmentPacket(this.entity.getId(), list));
++                sender.accept(new ClientboundSetEquipmentPacket(this.entity.getId(), list, true)); // Paper - data sanitization
+             }
+             ((LivingEntity) this.entity).detectEquipmentUpdatesPublic(); // CraftBukkit - SPIGOT-3789: sync again immediately after sending
+         }
+diff --git a/src/main/java/net/minecraft/world/entity/LivingEntity.java b/src/main/java/net/minecraft/world/entity/LivingEntity.java
+index 1ba83df3c2717dbd027b02d4d69e50091977d35f..f43aac06fd1ccf48f49f841a8624ef287bc1be59 100644
+--- a/src/main/java/net/minecraft/world/entity/LivingEntity.java
++++ b/src/main/java/net/minecraft/world/entity/LivingEntity.java
+@@ -3312,7 +3312,7 @@ public abstract class LivingEntity extends Entity implements Attackable {
+             }
+ 
+         });
+-        ((ServerLevel) this.level()).getChunkSource().broadcast(this, new ClientboundSetEquipmentPacket(this.getId(), list));
++        ((ServerLevel) this.level()).getChunkSource().broadcast(this, new ClientboundSetEquipmentPacket(this.getId(), list, true)); // Paper - data sanitization
+     }
+ 
+     private ItemStack getLastArmorItem(EquipmentSlot slot) {
diff --git a/removed-patches-1-20-5/0675-Prevent-sending-oversized-item-data-in-equipment-and.patch b/removed-patches-1-20-5/0675-Prevent-sending-oversized-item-data-in-equipment-and.patch
deleted file mode 100644
index 5e19c6e46b..0000000000
--- a/removed-patches-1-20-5/0675-Prevent-sending-oversized-item-data-in-equipment-and.patch
+++ /dev/null
@@ -1,88 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Nassim Jahnke <nassim@njahnke.dev>
-Date: Wed, 1 Dec 2021 12:36:25 +0100
-Subject: [PATCH] Prevent sending oversized item data in equipment and metadata
-
-TODO: Check if still needed with compacted items over the network and limits
-
-
-diff --git a/src/main/java/net/minecraft/network/syncher/EntityDataSerializers.java b/src/main/java/net/minecraft/network/syncher/EntityDataSerializers.java
-index 3ee4c01e4505241e575b8b2e96338ba27b793a2b..d70f77e4d5ca59c9f802ecb354fa8d53d1e10134 100644
---- a/src/main/java/net/minecraft/network/syncher/EntityDataSerializers.java
-+++ b/src/main/java/net/minecraft/network/syncher/EntityDataSerializers.java
-@@ -44,7 +44,7 @@ public class EntityDataSerializers {
-     public static final EntityDataSerializer<ItemStack> ITEM_STACK = new EntityDataSerializer<ItemStack>() {
-         @Override
-         public void write(FriendlyByteBuf buf, ItemStack value) {
--            buf.writeItem(value);
-+            buf.writeItem(net.minecraft.world.entity.LivingEntity.sanitizeItemStack(value, true)); // Paper - prevent oversized data
-         }
- 
-         @Override
-diff --git a/src/main/java/net/minecraft/server/level/ServerEntity.java b/src/main/java/net/minecraft/server/level/ServerEntity.java
-index 91563f903834c1a0636dc087f8c6376815165b6c..a51564e8dce3c125ed5f05cc23548a05c1e79a95 100644
---- a/src/main/java/net/minecraft/server/level/ServerEntity.java
-+++ b/src/main/java/net/minecraft/server/level/ServerEntity.java
-@@ -335,7 +335,10 @@ public class ServerEntity {
-                 ItemStack itemstack = ((LivingEntity) this.entity).getItemBySlot(enumitemslot);
- 
-                 if (!itemstack.isEmpty()) {
--                    list.add(Pair.of(enumitemslot, itemstack.copy()));
-+                    // Paper start - prevent oversized data
-+                    final ItemStack sanitized = LivingEntity.sanitizeItemStack(itemstack.copy(), false);
-+                    list.add(Pair.of(enumitemslot, sanitized));
-+                    // Paper end - prevent oversized data
-                 }
-             }
- 
-diff --git a/src/main/java/net/minecraft/world/entity/LivingEntity.java b/src/main/java/net/minecraft/world/entity/LivingEntity.java
-index ed6fd20ff608e764d6b0f517f6c9c85c533f1646..8025e351fb3e24aa67b31eca74be1bc368592851 100644
---- a/src/main/java/net/minecraft/world/entity/LivingEntity.java
-+++ b/src/main/java/net/minecraft/world/entity/LivingEntity.java
-@@ -3208,7 +3208,10 @@ public abstract class LivingEntity extends Entity implements Attackable {
-         equipmentChanges.forEach((enumitemslot, itemstack) -> {
-             ItemStack itemstack1 = itemstack.copy();
- 
--            list.add(Pair.of(enumitemslot, itemstack1));
-+            // Paper start - prevent oversized data
-+            ItemStack toSend = sanitizeItemStack(itemstack1, true);
-+            list.add(Pair.of(enumitemslot, toSend));
-+            // Paper end - prevent oversized data
-             switch (enumitemslot.getType()) {
-                 case HAND:
-                     this.setLastHandItem(enumitemslot, itemstack1);
-@@ -3221,6 +3224,34 @@ public abstract class LivingEntity extends Entity implements Attackable {
-         ((ServerLevel) this.level()).getChunkSource().broadcast(this, new ClientboundSetEquipmentPacket(this.getId(), list));
-     }
- 
-+    // Paper start - prevent oversized data
-+    public static ItemStack sanitizeItemStack(final ItemStack itemStack, final boolean copyItemStack) {
-+        if (itemStack.isEmpty() || !itemStack.hasTag()) {
-+            return itemStack;
-+        }
-+
-+        final ItemStack copy = copyItemStack ? itemStack.copy() : itemStack;
-+        final CompoundTag tag = copy.getTag();
-+        if (copy.is(Items.BUNDLE) && tag.get("Items") instanceof ListTag oldItems && !oldItems.isEmpty()) {
-+            // Bundles change their texture based on their fullness.
-+            org.bukkit.inventory.meta.BundleMeta bundleMeta = (org.bukkit.inventory.meta.BundleMeta) copy.asBukkitMirror().getItemMeta();
-+            int sizeUsed = 0;
-+            for (org.bukkit.inventory.ItemStack item : bundleMeta.getItems()) {
-+                int scale = 64 / item.getMaxStackSize();
-+                sizeUsed += scale * item.getAmount();
-+            }
-+            // Now we add a single fake item that uses the same amount of slots as all other items.
-+            ListTag items = new ListTag();
-+            items.add(new ItemStack(Items.PAPER, sizeUsed).save(new CompoundTag()));
-+            tag.put("Items", items);
-+        }
-+        if (tag.get("BlockEntityTag") instanceof CompoundTag blockEntityTag) {
-+            blockEntityTag.remove("Items");
-+        }
-+        return copy;
-+    }
-+    // Paper end - prevent oversized data
-+
-     private ItemStack getLastArmorItem(EquipmentSlot slot) {
-         return (ItemStack) this.lastArmorItemStacks.get(slot.getIndex());
-     }