Server processes packets after connection to client was closed
The bug
The server continues to process scheduled packets even after the connection to the client was closed.
Exploit examples
Dropping items from saved inventory
This bug allows item duplication if the server processes drop-item packets after the player inventory has already been saved as a result of the connection being closed.
How to reproduce (modded)
You can modify the method net.minecraft.client.entity.EntityPlayerSP.dropItem(boolean) to send, for example, one or more chat packets containing the formatting character §, which causes the client to be kicked, then wait some milliseconds and send the drop packet. You will have to work out the exact timing required because it can vary with the performance of the server.
Code analysis
Based on 1.11.2 decompiled using MCP 9.35 rc1
The main problem is that the Runnable created by the method net.minecraft.network.PacketThreadUtil.checkThreadAndEnqueue(Packet<T>, T, IThreadListener) does not check if the channel is still open.
Additionally, packet handling could be improved so that packets are no longer processed once the server has disconnected the client, rather than waiting for the Netty Server IO thread to close the channel; that wait allows some packets to still be processed.
Tasks scheduled by net.minecraft.network.NetHandlerPlayServer.disconnect(String) to check if the client was disconnected do not work reliably either, because the channel is not closed immediately. The method net.minecraft.network.NetworkSystem.networkTick() should notice it anyway.
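The missing check described above, as an added example that is not Minecraft's or MCP's code: a minimal model of a network thread handing packet handlers to a main-thread queue, with and without a connection-state check made when the task runs. The names GuardedPacketQueue, Connection, enqueueUnguarded and enqueueGuarded are hypothetical, and the AtomicBoolean stands in for the state of the real channel.

```java
import java.util.ArrayDeque;
import java.util.Queue;
import java.util.concurrent.atomic.AtomicBoolean;

public class GuardedPacketQueue {
    /** Hypothetical stand-in for a client connection; "open" mirrors the channel state. */
    static final class Connection {
        final AtomicBoolean open = new AtomicBoolean(true);
        int handledAfterClose = 0;          // handlers that ran once the connection was closed
        void close() { open.set(false); }   // point at which per-player state would be saved
    }

    /** Tasks the network thread has handed over to the main thread. */
    static final Queue<Runnable> mainThreadTasks = new ArrayDeque<>();

    /** Behaviour described in the report: the task runs whatever the connection state is. */
    static void enqueueUnguarded(Connection c, Runnable handler) {
        mainThreadTasks.add(handler);
    }

    /** Guarded variant: the state is checked when the task runs, not when it is queued. */
    static void enqueueGuarded(Connection c, Runnable handler) {
        mainThreadTasks.add(() -> {
            if (c.open.get()) {
                handler.run();              // packets from closed connections are discarded
            }
        });
    }

    /** One main-thread tick: run everything that was queued. */
    static void drainMainThread() {
        Runnable task;
        while ((task = mainThreadTasks.poll()) != null) {
            task.run();
        }
    }

    public static void main(String[] args) {
        for (boolean guarded : new boolean[] {false, true}) {
            Connection c = new Connection();
            // Constructed handler: records that it ran although the connection was closed.
            Runnable handler = () -> { if (!c.open.get()) c.handledAfterClose++; };
            if (guarded) enqueueGuarded(c, handler); else enqueueUnguarded(c, handler);
            c.close();                      // connection closes before the queue is drained
            drainMainThread();
            System.out.println((guarded ? "guarded" : "unguarded")
                + ": handlers run after close = " + c.handledAfterClose);
        }
    }
}
```

Checking at enqueue time would not be enough, because the connection can close between the hand-off and the main thread's next tick; the guard has to sit inside the queued task.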
2016-11-23, 02:44 AM
2020-02-18, 11:14 PM
2020-02-18, 11:14 PM
client, connection, disconnect, packet, server
Minecraft 1.11, Minecraft 1.11.2