Hello,

I've found a IndexOfBoundException in FMLSecurityManager#checkPermission(Permission).

@Override

    public void checkPermission(Permission perm)

    {

        String permName = perm.getName() != null ? perm.getName() : "missing";

        if (permName.startsWith("exitVM"))

        {

            Class<?>[] classContexts = getClassContext();

            String callingClass = classContexts.length > 3 ? classContexts[4].getName() : "none";

            String callingParent = classContexts.length > 4 ? classContexts[5].getName() : "none";

            // FML is allowed to call system exit and the Minecraft applet (from the quit button)

            if (!(callingClass.startsWith("net.minecraftforge.fml.")

                    || "net.minecraft.server.dedicated.ServerHangWatchdog$1".equals(callingClass)

                    || "net.minecraft.server.dedicated.ServerHangWatchdog".equals(callingClass)

                    || ( "net.minecraft.client.Minecraft".equals(callingClass) && "net.minecraft.client.Minecraft".equals(callingParent))

                    || ("net.minecraft.server.dedicated.DedicatedServer".equals(callingClass) && "net.minecraft.server.MinecraftServer".equals(callingParent)))

                    )

            {

                throw new ExitTrappedException();

            }

        }

        else if ("setSecurityManager".equals(permName))

        {

            throw new SecurityException("Cannot replace the FML security manager");

        }

        return;

    }

 

Could you fix it ? Or do you know where I can do a pull request ?

Thanks

Why ?

if array.length == 4, array.length > 3 is true, so you try to access array[4] but array[4] is OutOfBound because indexes start from 0.

array.length == 4 means available index are [0, 1, 2, 3]

You can submit a pull request on GitHub.

I've done it (EyZox is me)

@diesieben, I'm proud to teach some Java Basics to a Forge Grand Master like you

Hypotheticals are not real issues.

Come back with an actual stack trace.

I can see what you're trying to say however The ifs themselves should never actually be needed as nothing in the MC codebase should be that shallow.

 

Well, I'm trying to make a custom JUnit test runner to use JUnit for mods tests which required a operationnal Minecraft Server.

So I'm calling GradleStartServer from my custom JUnit test runner. This appears when Eclipse plugin for JUnit call System.exit() when all test are executed.

So anyway, I have to completly bypass the security manager using ASM.

 

But, your project is open source, I spend free time to make a contribution to improve your code by avoiding this exception for futur case for example.

It's not usefull for me, because as I said before, I need to completely bypass the SecurityManager.

Maybe it should never be called by usual mod, but it could.

When this method is called and the call stack is < 5 it will always crash, this is not hypothetical.

 

Here my crash log :

Exception in thread "main" [22:32:28] [main/INFO] [sTDERR]: [java.lang.ThreadGroup:uncaughtException:-1]: java.lang.ArrayIndexOutOfBoundsException: 5
[22:32:28] [main/INFO] [sTDERR]: [java.lang.ThreadGroup:uncaughtException:-1]: 	at net.minecraftforge.fml.relauncher.FMLSecurityManager.checkPermission(FMLSecurityManager.java:21)
[22:32:28] [main/INFO] [sTDERR]: [java.lang.ThreadGroup:uncaughtException:-1]: 	at java.lang.SecurityManager.checkExit(Unknown Source)
[22:32:28] [main/INFO] [sTDERR]: [java.lang.ThreadGroup:uncaughtException:-1]: 	at java.lang.Runtime.exit(Unknown Source)
[22:32:28] [main/INFO] [sTDERR]: [java.lang.ThreadGroup:uncaughtException:-1]: 	at java.lang.System.exit(Unknown Source)
[22:32:28] [main/INFO] [sTDERR]: [java.lang.ThreadGroup:uncaughtException:-1]: 	at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.main(RemoteTestRunner.java:197)