ServerboundChatCommandPacket allows DoS attack

The bug

22w19a Mojang names

The following has not been tested, it is only based on the decompiled source code.

The packet ServerboundChatCommandPacket seems to allow denial of service (DoS) attacks because it calls ArgumentSignatures.ArgumentSignatures(FriendlyByteBuf) which creates a map of user controlled size, allowing usage of unlimited amount of memory.

For what it is worth, this is nearly exact the same issue as MC-229761. To quote myself from MC-251136:

In general it might be good to avoid mixing "safe" and "unsafe" methods in FriendlyByteBuf

Ideally you would have separate FriendlyByteBuf classes, for example a ServerFriendlyByteBuf which does not have any of these DoS-prone methods. Then this whole class of errors would be impossible, or it would at least be a lot less likely that code vulnerable to these DoS attacks would be written.