search

PaperMC / Paper

The most widely used, high performance Minecraft server that aims to fix gameplay and mechanics inconsistencies
https://papermc.io/
Other
9.44k stars 2.21k forks source link

nbt TagParser stack overflow relating to strings #10444

Closed rand0m0User closed 2 months ago

rand0m0User commented 2 months ago

Stack trace

---- Minecraft Crash Report ----
// I feel sad now :(

Time: 2024-04-20 23:37:23
Description: Exception in server tick loop

java.lang.StackOverflowError: Exception in server tick loop
    at java.base/java.lang.String.charAt(String.java:1517)
    at com.mojang.brigadier.StringReader.peek(StringReader.java:76)
    at net.minecraft.nbt.TagParser.readList(TagParser.java:144)
    at net.minecraft.nbt.TagParser.readValue(TagParser.java:138)
    at net.minecraft.nbt.TagParser.readListTag(TagParser.java:186)
    at net.minecraft.nbt.TagParser.readList(TagParser.java:144)
    at net.minecraft.nbt.TagParser.readValue(TagParser.java:138)
    at net.minecraft.nbt.TagParser.readListTag(TagParser.java:186)
    at net.minecraft.nbt.TagParser.readList(TagParser.java:144)
    at net.minecraft.nbt.TagParser.readValue(TagParser.java:138)
    at net.minecraft.nbt.TagParser.readListTag(TagParser.java:186)
    at net.minecraft.nbt.TagParser.readList(TagParser.java:144)
    at net.minecraft.nbt.TagParser.readValue(TagParser.java:138)
    at net.minecraft.nbt.TagParser.readListTag(TagParser.java:186)
    at net.minecraft.nbt.TagParser.readList(TagParser.java:144)
    at net.minecraft.nbt.TagParser.readValue(TagParser.java:138)
    at net.minecraft.nbt.TagParser.readListTag(TagParser.java:186)
    at net.minecraft.nbt.TagParser.readList(TagParser.java:144)
    at net.minecraft.nbt.TagParser.readValue(TagParser.java:138)
    at net.minecraft.nbt.TagParser.readListTag(TagParser.java:186)
    at net.minecraft.nbt.TagParser.readList(TagParser.java:144)
    at net.minecraft.nbt.TagParser.readValue(TagParser.java:138)
    at net.minecraft.nbt.TagParser.readListTag(TagParser.java:186)

    //goes on for quite a while with no mention of what class started it

Plugin and Datapack List

n/a (as this seems to be native minecraft code?)

Actions to reproduce (if known)

seems to be some kind of exploit as the target never joins (log ss) image

Paper version

latest version

Other

this seems to be the result of some malformed packet exploit that immediately kills the server, banning the IP's also seems to not work too well as it would still happen (manually editing banned-ips.json as the server was crashed anyway)

lynxplay commented 2 months ago

Latest version is not a version. Please provide the specific output of /version

rand0m0User commented 2 months ago

had to boot up the game, sorry if it took too long

[CHAT] This server is running Paper version git-Paper-196 (MC: 1.20.1) (Implementing API version 1.20.1-R0.1-SNAPSHOT) (Git: 773dd72)
You are running the latest version
Previous version: git-Paper-19 (MC: 1.20.1)
underscore11code commented 2 months ago

1.20.1 is unsupported. This is a crash exploit that is patched on latest 1.20.4. Update.

lynxplay commented 2 months ago

Yea, you are certainly not running the latest version of paper, which would be 1.20.4 build 493. This is a known exploit fixed in said newer versions, please update 👍

// edit, wow, coming in with the snipe revenge _11

rand0m0User commented 2 months ago

but we dont have plans on updating to 20.4 yet, il have to let the server owner know as im just an admin

lynxplay commented 2 months ago

Yea I mean, being stuck on an outdated version is annoying and I get that, but we only maintain latest paper, which in this case is 1.20.4.

I think if push comes to shove, there is an unofficial paper build by cat out there for 1.20.1 ? or .2, dunno, that has this fixed but really the server should be updating.