diff --git a/patches/server/Validate-slot-in-PlayerInventory-setSlot.patch b/patches/server/Validate-slot-in-PlayerInventory-setSlot.patch new file mode 100644 index 0000000000..f796510d72 --- /dev/null +++ b/patches/server/Validate-slot-in-PlayerInventory-setSlot.patch @@ -0,0 +1,26 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: strnq +Date: Sat, 14 Sep 2024 12:53:13 +0300 +Subject: [PATCH] Validate slot in PlayerInventory#setSlot + +The CraftPlayerInventory implementation sends a container_set_slot +packet to the client which will error if an invalid slot is passed to +the setSlot method, making a validation necessary over simply silently +ignoring invalid slot values. + +diff --git a/src/main/java/org/bukkit/craftbukkit/inventory/CraftInventoryPlayer.java b/src/main/java/org/bukkit/craftbukkit/inventory/CraftInventoryPlayer.java +index 0000000000000000000000000000000000000000..0000000000000000000000000000000000000000 100644 +--- a/src/main/java/org/bukkit/craftbukkit/inventory/CraftInventoryPlayer.java ++++ b/src/main/java/org/bukkit/craftbukkit/inventory/CraftInventoryPlayer.java +@@ -0,0 +0,0 @@ public class CraftInventoryPlayer extends CraftInventory implements org.bukkit.i + + @Override + public void setItem(int index, ItemStack item) { ++ // Paper start - Validate setItem index ++ if (index < 0 || index > 40) { ++ throw new ArrayIndexOutOfBoundsException("Index must be between 0 and 40"); ++ } ++ // Paper end - Validate setItem index + super.setItem(index, item); + if (this.getHolder() == null) return; + ServerPlayer player = ((CraftPlayer) this.getHolder()).getHandle();