Jump to content

Recommended Posts

Posted

Hello,

I've found a IndexOfBoundException in FMLSecurityManager#checkPermission(Permission).

@Override

    public void checkPermission(Permission perm)

    {

        String permName = perm.getName() != null ? perm.getName() : "missing";

        if (permName.startsWith("exitVM"))

        {

            Class<?>[] classContexts = getClassContext();

            String callingClass = classContexts.length > 3 ? classContexts[4].getName() : "none";

            String callingParent = classContexts.length > 4 ? classContexts[5].getName() : "none";

            // FML is allowed to call system exit and the Minecraft applet (from the quit button)

            if (!(callingClass.startsWith("net.minecraftforge.fml.")

                    || "net.minecraft.server.dedicated.ServerHangWatchdog$1".equals(callingClass)

                    || "net.minecraft.server.dedicated.ServerHangWatchdog".equals(callingClass)

                    || ( "net.minecraft.client.Minecraft".equals(callingClass) && "net.minecraft.client.Minecraft".equals(callingParent))

                    || ("net.minecraft.server.dedicated.DedicatedServer".equals(callingClass) && "net.minecraft.server.MinecraftServer".equals(callingParent)))

                    )

            {

                throw new ExitTrappedException();

            }

        }

        else if ("setSecurityManager".equals(permName))

        {

            throw new SecurityException("Cannot replace the FML security manager");

        }

        return;

    }

 

Could you fix it ? Or do you know where I can do a pull request ?

Thanks

Posted

Why ? :o

if array.length == 4, array.length > 3 is true, so you try to access array[4] but array[4] is OutOfBound because indexes start from 0.

array.length == 4 means available index are [0, 1, 2, 3]

Posted

Hypotheticals are not real issues.

Come back with an actual stack trace.

I can see what you're trying to say however The ifs themselves should never actually be needed as nothing in the MC codebase should be that shallow.

 

I do Forge for free, however the servers to run it arn't free, so anything is appreciated.
Consider supporting the team on Patreon

Posted

Well, I'm trying to make a custom JUnit test runner to use JUnit for mods tests which required a operationnal Minecraft Server.

So I'm calling GradleStartServer from my custom JUnit test runner. This appears when Eclipse plugin for JUnit call System.exit() when all test are executed.

So anyway, I have to completly bypass the security manager using ASM.

 

But, your project is open source, I spend free time to make a contribution to improve your code by avoiding this exception for futur case for example.

It's not usefull for me, because as I said before, I need to completely bypass the SecurityManager.

Maybe it should never be called by usual mod, but it could.

When this method is called and the call stack is < 5 it will always crash, this is not hypothetical.

 

Here my crash log :

Exception in thread "main" [22:32:28] [main/INFO] [sTDERR]: [java.lang.ThreadGroup:uncaughtException:-1]: java.lang.ArrayIndexOutOfBoundsException: 5
[22:32:28] [main/INFO] [sTDERR]: [java.lang.ThreadGroup:uncaughtException:-1]: 	at net.minecraftforge.fml.relauncher.FMLSecurityManager.checkPermission(FMLSecurityManager.java:21)
[22:32:28] [main/INFO] [sTDERR]: [java.lang.ThreadGroup:uncaughtException:-1]: 	at java.lang.SecurityManager.checkExit(Unknown Source)
[22:32:28] [main/INFO] [sTDERR]: [java.lang.ThreadGroup:uncaughtException:-1]: 	at java.lang.Runtime.exit(Unknown Source)
[22:32:28] [main/INFO] [sTDERR]: [java.lang.ThreadGroup:uncaughtException:-1]: 	at java.lang.System.exit(Unknown Source)
[22:32:28] [main/INFO] [sTDERR]: [java.lang.ThreadGroup:uncaughtException:-1]: 	at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.main(RemoteTestRunner.java:197)

 

 

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Announcements



×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.