Mojira Archive
MC-243607

The "show_entity" action in hoverEvent does not properly verify UUIDs passed to it, which crashes the game when provided an invalid value

The bug

The game doesn't properly validate whether or not the value set for the "id" field in the "show_entity" hover event is actually a valid UUID, so when it attempts to process a malformed value (using UUID.fromString()), it fails and throws either an IllegalArgumentException or a NumberFormatException (depending on the value). This causes a crash when it attempts to render or (in some cases) process text components with this issue anywhere at all, including (but not limited to):

  • Item names
  • Item lore
  • Death messages (X was killed by Y using [Z])

Affected versions

  • 1.18
  • 1.17.x
  • 1.16.x

Methods to reproduce

Be advised, these steps will most likely brick your world. Don't do this in any world you care about.

  • Giving yourself an item with the broken component applied its name:  
    /give @p minecraft:stone{display:{Name:'{"text":"crash","hoverEvent":{"action":"show_entity","contents":{"id":"invalid","type":"minecraft:player"}}}'}} 1
  • Looking at an item frame containing NBT similar to this:
{EntityTag:{Item:{id:"minecraft:player_head",Count:1d,tag:{display:{Name:'{"text":"crash","hoverEvent":{"action":"show_entity","contents":{"id":"invalid","type":"minecraft:player"}}}'}}}}}
  • Getting killed by an entity that is holding an item with the broken component applied while death messages are enabled:
/give @p zombie_spawn_egg{EntityTag:{id:"minecraft:zombie",HandItems:[{id:"minecraft:diamond_sword",tag:{display:{Name:'{"text":"crash","hoverEvent":{"action":"show_entity","contents":{"id":"invalid","type":"minecraft:player"}}}'},Enchantments:[{id:sharpness,lvl:5}]},Count:1},{}]}} 1

Stack trace

Description: Unexpected error

java.lang.IllegalArgumentException: Invalid UUID string: invalid
    at java.base/java.util.UUID.fromString1(UUID.java:280)
    at java.base/java.util.UUID.fromString(UUID.java:258)
    at qd$b.a(SourceFile:134)
    at qd$a.a(SourceFile:345)
    at qd.a(SourceFile:94)
    at qj$a.b(SourceFile:374)
    at qj$a.a(SourceFile:348)
    at qj$a.deserialize(SourceFile:330)
    at com.google.gson.internal.bind.TreeTypeAdapter.read(TreeTypeAdapter.java:69)
    at com.google.gson.Gson.fromJson(Gson.java:932)
    at com.google.gson.Gson.fromJson(Gson.java:1003)
    at com.google.gson.internal.bind.TreeTypeAdapter$GsonContextImpl.deserialize(TreeTypeAdapter.java:162)
    at pz$a.a(SourceFile:236)
    at pz$a.deserialize(SourceFile:130)
    at com.google.gson.internal.bind.TreeTypeAdapter.read(TreeTypeAdapter.java:69)
    at aiq.a(SourceFile:503)
    at aiq.a(SourceFile:527)
    at pz$a.a(SourceFile:365)
    at bue.v(SourceFile:611)
    at dym.b(SourceFile:689)
    at dym.a(SourceFile:264)
    at epe.a(SourceFile:855)
    at dxo.f(SourceFile:1117)
    at dxo.e(SourceFile:733)
    at net.minecraft.client.main.Main.main(SourceFile:236)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.base/java.lang.reflect.Method.invoke(Method.java:568)
    at org.multimc.onesix.OneSixLauncher.launchWithMainClass(OneSixLauncher.java:210)
    at org.multimc.onesix.OneSixLauncher.launch(OneSixLauncher.java:245)
    at org.multimc.EntryPoint.listen(EntryPoint.java:143)
    at org.multimc.EntryPoint.main(EntryPoint.java:34)

Fixed

_Video

[Mojang] Bartosz Bok

2021-12-01, 03:20 PM

2021-12-07, 02:51 PM

2021-12-07, 11:53 AM

2

5

Confirmed

Very Important

Crash

Crash, UUID, client, hoverEvent, illegal-argument-exception, number-format-exception, server, show_entity, text-component, validation

1.18, 1.18.1 Pre-release 1

1.18.1 Release Candidate 1