Upstream has released updates that appear to apply and compile correctly. This update has not been tested by PaperMC and as with ANY update, please do your own testing Bukkit Changes: 1e843b72 #510: Add NamespacedKey#fromString() to fetch from user input a4d18241 #581: Add methods to modify despawn delay for wandering villagers CraftBukkit Changes: 0cd8f19f #802: Add methods to modify despawn delay for wandering villagers d5c5d998 SPIGOT-6362: ConcurrentModificationException: null --> Server Crash 8c7d69fe SPIGOT-5228: Entities that are removed during chunk unloads are not properly removed from the chunk.
88 lines
4.4 KiB
88 lines
4.4 KiB
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Aikar <>
Date: Fri, 16 Nov 2018 23:08:50 -0500
Subject: [PATCH] Book Size Limits
Puts some limits on the size of books.
diff --git a/src/main/java/com/destroystokyo/paper/ b/src/main/java/com/destroystokyo/paper/
index 1697687405392198d2df653220465671675362c2..e8bade581ed391b25c592dbafb3fb3ccf72be616 100644
--- a/src/main/java/com/destroystokyo/paper/
+++ b/src/main/java/com/destroystokyo/paper/
@@ -334,4 +334,11 @@ public class PaperConfig {
velocitySecretKey = secret.getBytes(StandardCharsets.UTF_8);
+ public static int maxBookPageSize = 2560;
+ public static double maxBookTotalSizeMultiplier = 0.98D;
+ private static void maxBookSize() {
+ maxBookPageSize = getInt("", maxBookPageSize);
+ maxBookTotalSizeMultiplier = getDouble("", maxBookTotalSizeMultiplier);
+ }
diff --git a/src/main/java/net/minecraft/server/ b/src/main/java/net/minecraft/server/
index cc141f02d5a2b1a5c50e5583d3537d5883762db1..6ad02246267f4d95f82164b70c30ac2955c563fe 100644
--- a/src/main/java/net/minecraft/server/
+++ b/src/main/java/net/minecraft/server/
@@ -20,6 +20,7 @@ import java.util.function.Consumer;
import javax.annotation.Nullable;
+import org.apache.commons.lang3.StringEscapeUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
@@ -850,6 +851,52 @@ public class PlayerConnection implements PacketListenerPlayIn {
public void a(PacketPlayInBEdit packetplayinbedit) {
+ // Paper start
+ ItemStack testStack = packetplayinbedit.getBook();
+ if (!server.isPrimaryThread() && !testStack.isEmpty() && testStack.getTag() != null) {
+ NBTTagList pageList = testStack.getTag().getList("pages", 8);
+ if (pageList.size() > 100) {
+ PlayerConnection.LOGGER.warn(this.player.getName() + " tried to send a book with too many pages");
+ minecraftServer.scheduleOnMain(() -> this.disconnect("Book too large!"));
+ return;
+ }
+ long byteTotal = 0;
+ int maxBookPageSize = com.destroystokyo.paper.PaperConfig.maxBookPageSize;
+ double multiplier = Math.max(0.3D, Math.min(1D, com.destroystokyo.paper.PaperConfig.maxBookTotalSizeMultiplier));
+ long byteAllowed = maxBookPageSize;
+ for (int i = 0; i < pageList.size(); ++i) {
+ String testString = pageList.getString(i);
+ int byteLength = testString.getBytes(java.nio.charset.StandardCharsets.UTF_8).length;
+ if (byteLength > 256 * 4) {
+ PlayerConnection.LOGGER.warn(this.player.getName() + " tried to send a book with with a page too large!");
+ minecraftServer.scheduleOnMain(() -> this.disconnect("Book too large!"));
+ return;
+ }
+ byteTotal += byteLength;
+ int length = testString.length();
+ int multibytes = 0;
+ if (byteLength != length) {
+ for (char c : testString.toCharArray()) {
+ if (c > 127) {
+ multibytes++;
+ }
+ }
+ }
+ byteAllowed += (maxBookPageSize * Math.min(1, Math.max(0.1D, (double) length / 255D))) * multiplier;
+ if (multibytes > 1) {
+ // penalize MB
+ byteAllowed -= multibytes;
+ }
+ }
+ if (byteTotal > byteAllowed) {
+ PlayerConnection.LOGGER.warn(this.player.getName() + " tried to send too large of a book. Book Size: " + byteTotal + " - Allowed: "+ byteAllowed + " - Pages: " + pageList.size());
+ minecraftServer.scheduleOnMain(() -> this.disconnect("Book too large!"));
+ return;
+ }
+ }
+ // Paper end
// CraftBukkit start
if (this.lastBookTick + 20 > MinecraftServer.currentTick) {
this.disconnect("Book edited too quickly!");