1 files changed, 26 insertions, 0 deletions

diff --git a/patches/server/1057-Validate-slot-in-PlayerInventory-setSlot.patch b/patches/server/1057-Validate-slot-in-PlayerInventory-setSlot.patch
new file mode 100644
index 0000000000..51eb36e240
--- /dev/null
+++ b/patches/server/1057-Validate-slot-in-PlayerInventory-setSlot.patch
@@ -0,0 +1,26 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: strnq <[email protected]>
+Date: Sat, 14 Sep 2024 12:53:13 +0300
+Subject: [PATCH] Validate slot in PlayerInventory#setSlot
+
+The CraftPlayerInventory implementation sends a container_set_slot
+packet to the client which will error if an invalid slot is passed to
+the setSlot method, making a validation necessary over simply silently
+ignoring invalid slot values.
+
+diff --git a/src/main/java/org/bukkit/craftbukkit/inventory/CraftInventoryPlayer.java b/src/main/java/org/bukkit/craftbukkit/inventory/CraftInventoryPlayer.java
+index eafa54c870c3e2aef30c3f9f96f516607a7cae24..8dea4321e41080829b474ad7b5a12c6a622181fd 100644
+--- a/src/main/java/org/bukkit/craftbukkit/inventory/CraftInventoryPlayer.java
++++ b/src/main/java/org/bukkit/craftbukkit/inventory/CraftInventoryPlayer.java
+@@ -70,6 +70,11 @@ public class CraftInventoryPlayer extends CraftInventory implements org.bukkit.i
+ 
+     @Override
+     public void setItem(int index, ItemStack item) {
++        // Paper start - Validate setItem index
++        if (index < 0 || index > 40) {
++            throw new ArrayIndexOutOfBoundsException("Index must be between 0 and 40");
++        }
++        // Paper end - Validate setItem index
+         super.setItem(index, item);
+         if (this.getHolder() == null) return;
+         ServerPlayer player = ((CraftPlayer) this.getHolder()).getHandle();