From d90c4f37f6c2ae854a0fa876bb9ffacaf8f5c6d1 Mon Sep 17 00:00:00 2001
From: 4real <100953533+strainxx@users.noreply.github.com>
Date: Tue, 17 Sep 2024 17:57:32 +0300
Subject: [PATCH] Validate slot in PlayerInventory#setSlot (#11399)

---
 ...date-slot-in-PlayerInventory-setSlot.patch | 26 +++++++++++++++++++
 1 file changed, 26 insertions(+)
 create mode 100644 patches/server/Validate-slot-in-PlayerInventory-setSlot.patch

diff --git a/patches/server/Validate-slot-in-PlayerInventory-setSlot.patch b/patches/server/Validate-slot-in-PlayerInventory-setSlot.patch
new file mode 100644
index 0000000000..f796510d72
--- /dev/null
+++ b/patches/server/Validate-slot-in-PlayerInventory-setSlot.patch
@@ -0,0 +1,26 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: strnq <dev@aruus.uk>
+Date: Sat, 14 Sep 2024 12:53:13 +0300
+Subject: [PATCH] Validate slot in PlayerInventory#setSlot
+
+The CraftPlayerInventory implementation sends a container_set_slot
+packet to the client which will error if an invalid slot is passed to
+the setSlot method, making a validation necessary over simply silently
+ignoring invalid slot values.
+
+diff --git a/src/main/java/org/bukkit/craftbukkit/inventory/CraftInventoryPlayer.java b/src/main/java/org/bukkit/craftbukkit/inventory/CraftInventoryPlayer.java
+index 0000000000000000000000000000000000000000..0000000000000000000000000000000000000000 100644
+--- a/src/main/java/org/bukkit/craftbukkit/inventory/CraftInventoryPlayer.java
++++ b/src/main/java/org/bukkit/craftbukkit/inventory/CraftInventoryPlayer.java
+@@ -0,0 +0,0 @@ public class CraftInventoryPlayer extends CraftInventory implements org.bukkit.i
+ 
+     @Override
+     public void setItem(int index, ItemStack item) {
++        // Paper start - Validate setItem index
++        if (index < 0 || index > 40) {
++            throw new ArrayIndexOutOfBoundsException("Index must be between 0 and 40");
++        }
++        // Paper end - Validate setItem index
+         super.setItem(index, item);
+         if (this.getHolder() == null) return;
+         ServerPlayer player = ((CraftPlayer) this.getHolder()).getHandle();