The bug
When an arrow with a very high damage value (or a really high speed) deals critical damage and hits an entity, the server can crash.
[^(20w17a) crash-2020-04-28_22.27.03-server.txt]
Description: Ticking entity
java.lang.IllegalArgumentException: bound must be positive
at java.util.Random.nextInt(Random.java:388)
at bdb.a(SourceFile:351)
at bdn.a(SourceFile:118)
at bdb.h(SourceFile:227)
at bdd.h(SourceFile:103)
at yr.a(SourceFile:584)
at yr$$Lambda$3446/120053388.accept(Unknown Source)
at boq.a(SourceFile:577)
at yr.a(SourceFile:399)
at net.minecraft.server.MinecraftServer.b(SourceFile:827)
at net.minecraft.server.MinecraftServer.a(SourceFile:766)
at enn.a(SourceFile:89)
at net.minecraft.server.MinecraftServer.run(SourceFile:625)
at java.lang.Thread.run(Thread.java:745)Reproduction steps
Switch to Survival mode
/execute at @s anchored eyes run summon arrow ~ ~3 ~ {damage:1e100d,crit:1b}❌ The game crashes once the arrow hits you
Code analysis
20w17a, Mojang names
The fix for MC-87655 made sure, that the damage value used for damage calculation is always >= 0. However, if the result of damage * speed becomes > Integer.MAX_VALUE the result overflows and becomes negative (see MC-181312). If the arrow is dealing critical damage (crit:1b), this negative value is passed to java.util.Random.nextInt(int), the exception seen in the crash report is thrown.
If only MC-181312 was fixed, the calculated damage would overflow after adding the critical damage bonus, which might currently not cause any crashes, but could in the future.
Therefore, it would make sense to clamp the damage to a maximum (e.g. of Integer.MAX_VALUE / 2, or even smaller) since higher damage will likely never occur in vanilla gameplay anyway and would likely kill any entity instantaneously.
Attachments
Comments 0
No comments.
