The bug
net.minecraft.server.rcon.thread.QueryThreadGs4 (Mojang name) can crash because it can incorrectly try to use a cached rules response even though there hasn't been one created yet.
The class is intended to cache rules responses and only generate new ones every 5 seconds. The problem is that the field used for this (lastRulesResponse) is initialized to 0 and the check whether the cached response should be used looks like this:
private byte[] buildRuleResponse(DatagramPacket datagramPacket) throws IOException {
String[] arrstring;
long l = Util.getMillis();
if (l < this.lastRulesResponse + 5000L) {
byte[] arrby = this.rulesResponse.toByteArray();
byte[] arrby2 = this.getIdentBytes(datagramPacket.getSocketAddress());
arrby[1] = arrby2[0];
arrby[2] = arrby2[1];
arrby[3] = arrby2[2];
arrby[4] = arrby2[3];
return arrby;
}
this.lastRulesResponse = l;
this.rulesResponse.reset();
...
}Util.getMillis() calls in the end System.nanoTime() which can return negative values so the method above would use the empty byte array of rulesResponse and an ArrayIndexOutOfBoundsException would be thrown.
Attachments
Comments 3
I can confirm in 1.21 with code analysis, provided this same block of code is what was being referred to:
[media]
Can you still reproduced this issue in 1.19.4?