The bug
After a ravager has been stunned, they occasionally scream. This scream will push entities away from the ravager. How far away the entity will be knocked back depends on the position of the entity relative to the ravager. For instance, an armor stand that is directly above a ravager can travel a large distance in a very short amount of time, just by the knockback of the ravager.
Players can use this mechanic as well if they're riding another entity.
Video
This is the video by 'SimplySarc' (who found the bug) where he shows it off for the first time.
https://www.youtube.com/watch?v=aZp9olUXvOY
Code analysis
by @unknown (Link)
My video demonstration: https://www.youtube.com/watch?v=76XobG9QdOs
What is happening:
When the Ravager attacks an entity, and that entity is shielding, he has a 50% chance to roar.
For the first two seconds, he is stunned. After another 0.5 seconds, he roars, knocking back players within 4 blocks of him. The math to apply the knockback is as follows:
double d0 = entity.locX - this.locX;
double d1 = entity.locZ - this.locZ;
double d2 = d0 * d0 + d1 * d1;
entity.f(d0 / d2 * 4.0D, 0.2D, d1 / d2 * 4.0D);
(where "entity" is the entity being knocked back, "this" is the ravager, and entity#f is the function that applies knockback.)
Due to this bad math (no clamping or divide by zero checks), our velocity can reach huge numbers.
Conditions are simple: both entities must have very similar x and z values. (aka +-0.01 difference) If the x and y are exactly the same (+-0 difference), NaN is added as the velocity, which thankfully doesn't break anything.
Big enough values will crash a server (link), due to a too long tick / too many missed.
See this for the crash: https://content.jame.xyz/sharex/mQRiWi3MfN.mp4
Edit 1: Here's the plugin used in the videos to test: https://github.com/electricman226/RavagerBug
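The blow-up described in this analysis, as an added example that is not part of the original report or of Mojang's code: the horizontal speed produced by the formula equals 4 divided by the horizontal distance, so it grows without bound as the offsets shrink and becomes NaN at exactly zero. The `clampedKnockback` helper, its 0.001 floor and the sample offsets are assumptions chosen for illustration.

```java
public class RoarKnockbackDemo {
    // Formula from the analysis above: offset divided by the squared
    // horizontal distance, times 4. No clamp, no divide-by-zero check.
    static double[] roarKnockback(double dx, double dz) {
        double d2 = dx * dx + dz * dz;
        return new double[] { dx / d2 * 4.0, 0.2, dz / d2 * 4.0 };
    }

    // Hardened variant (assumption, not Mojang's code): floor the divisor
    // so it can never get close to 0. This bounds the result and removes NaN.
    static double[] clampedKnockback(double dx, double dz, double minDistSq) {
        double d2 = Math.max(dx * dx + dz * dz, minDistSq);
        return new double[] { dx / d2 * 4.0, 0.2, dz / d2 * 4.0 };
    }

    // Length of the horizontal (x, z) part of a knockback vector.
    static double horizontalSpeed(double[] v) {
        return Math.sqrt(v[0] * v[0] + v[2] * v[2]);
    }

    public static void main(String[] args) {
        double minDistSq = 0.001; // assumed floor, chosen for illustration
        // Constructed sample offsets between entity and ravager on the x axis.
        double[] offsets = { 1.0, 0.1, 0.01, 0.0001, 0.0 };
        System.out.printf("%-10s %-22s %-22s%n", "offset", "unclamped", "clamped");
        for (double dx : offsets) {
            double raw = horizontalSpeed(roarKnockback(dx, 0.0));
            double safe = horizontalSpeed(clampedKnockback(dx, 0.0, minDistSq));
            System.out.printf("%-10s %-22s %-22s%n", dx, raw, safe);
        }
    }
}
```

With this floor the clamped speed peaks at 4 / sqrt(0.001), roughly 126, and is 0 when the offsets are exactly zero; the unclamped column shows 400 at an offset of 0.01 and NaN at 0.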
Comments 8
I made a write-up about the exploit here: https://gist.github.com/electricman226/6f21267666001d653ce56749866e4d9e (more detailed info)
I'd consider this somewhat of a security concern, seeing as this has the possibility of timing out players/crashing the server due to the watchdog closing it after too long of a tick/too many ticks missed.
The fix for this is either to change the math, or clamp the existing math and add divide by zero checks.
If you could, remove your 'Update' from the issue, because those conditions are simply wrong. The write-up shows how it's triggered/required conditions.
We've fixed the division by zero for 1.14.4-pre3, but will leave the rest of the behavior as there is no risk of this impacting a player by accident.
@slicedlime
does this mean that the ravager "teleportation" mechanics still work the same as demonstrated in the original video by simplysarc? https://www.youtube.com/watch?v=aZp9olUXvOY
@Megalodab somewhat.
The mechanic works the same. However, the knockback applied is different. See my updated write up for more information.
As slicedlime stated, they only intended to fix the division by 0 problem. To achieve this, they simply clamped one of the values to make sure it cannot become too close to 0. However, this changes the vector math applied as knockback, making certain values unreachable.
The most knockback possible to be applied is around 120.0 (on one axis) due to the nature of this change.
Well, so much about "Please don't tell Mojang"...