PaperMC/patches/server/0911-Validate-ResourceLocation-in-NBT-reading.patch

From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Nassim Jahnke <nassim@njahnke.dev>
Date: Thu, 4 Jan 2024 13:49:14 +0100
Subject: [PATCH] Validate ResourceLocation in NBT reading


diff --git a/src/main/java/net/minecraft/nbt/NbtUtils.java b/src/main/java/net/minecraft/nbt/NbtUtils.java
index 4929bac8e476664086470f078efce6c0a6164413..f88dd37783b3c155c23b547c360b8d3c16e030c0 100644
--- a/src/main/java/net/minecraft/nbt/NbtUtils.java
+++ b/src/main/java/net/minecraft/nbt/NbtUtils.java
@@ -149,8 +149,10 @@ public final class NbtUtils {
         if (!nbt.contains("Name", 8)) {
             return Blocks.AIR.defaultBlockState();
         } else {
-            ResourceLocation resourceLocation = ResourceLocation.parse(nbt.getString("Name"));
-            Optional<? extends Holder<Block>> optional = blockLookup.get(ResourceKey.create(Registries.BLOCK, resourceLocation));
+            // Paper start - Validate resource location
+            ResourceLocation resourceLocation = ResourceLocation.tryParse(nbt.getString("Name"));
+            Optional<? extends Holder<Block>> optional = resourceLocation != null ? blockLookup.get(ResourceKey.create(Registries.BLOCK, resourceLocation)) : Optional.empty();
+            // Paper end - Validate resource location
             if (optional.isEmpty()) {
                 return Blocks.AIR.defaultBlockState();
             } else {
diff --git a/src/main/java/net/minecraft/resources/ResourceLocation.java b/src/main/java/net/minecraft/resources/ResourceLocation.java
index 87afe84791af2d5e9f869cd4c09eed4bb5fee75b..1967c43ee3a12e63365cc40ee6565307e2fd73cf 100644
--- a/src/main/java/net/minecraft/resources/ResourceLocation.java
+++ b/src/main/java/net/minecraft/resources/ResourceLocation.java
@@ -41,6 +41,13 @@ public final class ResourceLocation implements Comparable<ResourceLocation> {
 
         assert isValidPath(path);
 
+        // Paper start - Validate ResourceLocation
+        // Check for the max network string length (capped at Short.MAX_VALUE) as well as the max bytes of a StringTag (length written as an unsigned short)
+        final String resourceLocation = namespace + ":" + path;
+        if (resourceLocation.length() > Short.MAX_VALUE || io.netty.buffer.ByteBufUtil.utf8MaxBytes(resourceLocation) > 2 * Short.MAX_VALUE + 1) {
+            throw new ResourceLocationException("Resource location too long: " + resourceLocation);
+        }
+        // Paper end - Validate ResourceLocation
         this.namespace = namespace;
         this.path = path;
     }
diff --git a/src/main/java/net/minecraft/world/RandomizableContainer.java b/src/main/java/net/minecraft/world/RandomizableContainer.java
index 084935138b1484f3d96e99f4e5655a6c04931907..9e357abe13f55bd9ce3a1d5348bcf19a15ea5433 100644
--- a/src/main/java/net/minecraft/world/RandomizableContainer.java
+++ b/src/main/java/net/minecraft/world/RandomizableContainer.java
@@ -50,7 +50,7 @@ public interface RandomizableContainer extends Container {
 
     default boolean tryLoadLootTable(CompoundTag nbt) {
         if (nbt.contains("LootTable", 8)) {
-            this.setLootTable(ResourceKey.create(Registries.LOOT_TABLE, ResourceLocation.parse(nbt.getString("LootTable"))));
+            this.setLootTable(net.minecraft.Optionull.map(ResourceLocation.tryParse(nbt.getString("LootTable")), rl -> ResourceKey.create(Registries.LOOT_TABLE, rl))); // Paper - Validate ResourceLocation
             if (this.lootableData() != null && this.getLootTable() != null) this.lootableData().loadNbt(nbt); // Paper - LootTable API
             if (nbt.contains("LootTableSeed", 4)) {
                 this.setLootTableSeed(nbt.getLong("LootTableSeed"));
diff --git a/src/main/java/net/minecraft/world/entity/EntityType.java b/src/main/java/net/minecraft/world/entity/EntityType.java
index 4eec58353343b414120e189afed04b98ae3e87c8..d77014aadf83088fb53f30a9dbe879f3089e159e 100644
--- a/src/main/java/net/minecraft/world/entity/EntityType.java
+++ b/src/main/java/net/minecraft/world/entity/EntityType.java
@@ -690,7 +690,7 @@ public class EntityType<T extends Entity> implements FeatureElement, EntityTypeT
     }
 
     public static Optional<EntityType<?>> by(CompoundTag nbt) {
-        return BuiltInRegistries.ENTITY_TYPE.getOptional(ResourceLocation.parse(nbt.getString("id")));
+        return BuiltInRegistries.ENTITY_TYPE.getOptional(ResourceLocation.tryParse(nbt.getString("id"))); // Paper - Validate ResourceLocation
     }
 
     @Nullable
diff --git a/src/main/java/net/minecraft/world/entity/Leashable.java b/src/main/java/net/minecraft/world/entity/Leashable.java
index 1a6448cccf79a94013f9f44c3067d91da3da1f7e..06af888e4c3d9d01a462b487742b597184a7a8a6 100644
--- a/src/main/java/net/minecraft/world/entity/Leashable.java
+++ b/src/main/java/net/minecraft/world/entity/Leashable.java
@@ -55,7 +55,13 @@ public interface Leashable {
     @Nullable
     default Leashable.LeashData readLeashData(CompoundTag nbt) {
         if (nbt.contains("leash", 10)) {
-            return new Leashable.LeashData(Either.left(nbt.getCompound("leash").getUUID("UUID")));
+            // Paper start
+            final CompoundTag leashTag = nbt.getCompound("leash");
+            if (!leashTag.hasUUID("UUID")) {
+                return null;
+            }
+            return new Leashable.LeashData(Either.left(leashTag.getUUID("UUID")));
+            // Paper end
         } else {
             if (nbt.contains("leash", 11)) {
                 Either<UUID, BlockPos> either = (Either) NbtUtils.readBlockPos(nbt, "leash").map(Either::right).orElse(null); // CraftBukkit - decompile error
diff --git a/src/main/java/net/minecraft/world/entity/LivingEntity.java b/src/main/java/net/minecraft/world/entity/LivingEntity.java
index f42a98324ecfc992cf36c2f44cdb781ad4edbad4..a7f0d49637eb72b4645997a97cc6927b16a59738 100644
--- a/src/main/java/net/minecraft/world/entity/LivingEntity.java
+++ b/src/main/java/net/minecraft/world/entity/LivingEntity.java
@@ -911,11 +911,13 @@ public abstract class LivingEntity extends Entity implements Attackable {
         if (nbt.contains("SleepingX", 99) && nbt.contains("SleepingY", 99) && nbt.contains("SleepingZ", 99)) {
             BlockPos blockposition = new BlockPos(nbt.getInt("SleepingX"), nbt.getInt("SleepingY"), nbt.getInt("SleepingZ"));
 
+            if (this.position().distanceToSqr(blockposition.getX(), blockposition.getY(), blockposition.getZ()) < 16 * 16) { // Paper - The sleeping pos will always also set the actual pos, so a desync suggests something is wrong
             this.setSleepingPos(blockposition);
             this.entityData.set(LivingEntity.DATA_POSE, Pose.SLEEPING);
             if (!this.firstTick) {
                 this.setPosToBed(blockposition);
             }
+            } // Paper - The sleeping pos will always also set the actual pos, so a desync suggests something is wrong
         }
 
         if (nbt.contains("Brain", 10)) {
diff --git a/src/main/java/net/minecraft/world/entity/Mob.java b/src/main/java/net/minecraft/world/entity/Mob.java
index 8a0e65ac8318a467996f48b423db1ac621359fbe..aad63549d7c4f501b683b8dead4938eac27895eb 100644
--- a/src/main/java/net/minecraft/world/entity/Mob.java
+++ b/src/main/java/net/minecraft/world/entity/Mob.java
@@ -601,7 +601,7 @@ public abstract class Mob extends LivingEntity implements EquipmentUser, Leashab
         this.leashData = this.readLeashData(nbt);
         this.setLeftHanded(nbt.getBoolean("LeftHanded"));
         if (nbt.contains("DeathLootTable", 8)) {
-            this.lootTable = Optional.of(ResourceKey.create(Registries.LOOT_TABLE, ResourceLocation.parse(nbt.getString("DeathLootTable"))));
+            this.lootTable = Optional.ofNullable(ResourceLocation.tryParse(nbt.getString("DeathLootTable"))).map((rs) -> ResourceKey.create(Registries.LOOT_TABLE, rs)); // Paper - Validate ResourceLocation
             this.lootTableSeed = nbt.getLong("DeathLootTableSeed");
         }
 
diff --git a/src/main/java/net/minecraft/world/entity/projectile/AbstractArrow.java b/src/main/java/net/minecraft/world/entity/projectile/AbstractArrow.java
index 75cc3db39c974abab8510af4a633fc6812efc647..14e31ae88e90d8ea1a98800cc6c1c3527bb2ed6b 100644
--- a/src/main/java/net/minecraft/world/entity/projectile/AbstractArrow.java
+++ b/src/main/java/net/minecraft/world/entity/projectile/AbstractArrow.java
@@ -695,7 +695,7 @@ public abstract class AbstractArrow extends Projectile {
         this.setCritArrow(nbt.getBoolean("crit"));
         this.setPierceLevel(nbt.getByte("PierceLevel"));
         if (nbt.contains("SoundEvent", 8)) {
-            this.soundEvent = (SoundEvent) BuiltInRegistries.SOUND_EVENT.getOptional(ResourceLocation.parse(nbt.getString("SoundEvent"))).orElse(this.getDefaultHitGroundSoundEvent());
+            this.soundEvent = (SoundEvent) BuiltInRegistries.SOUND_EVENT.getOptional(ResourceLocation.tryParse(nbt.getString("SoundEvent"))).orElse(this.getDefaultHitGroundSoundEvent()); // Paper - Validate resource location
         }
 
         if (nbt.contains("item", 10)) {
diff --git a/src/main/java/net/minecraft/world/entity/vehicle/ContainerEntity.java b/src/main/java/net/minecraft/world/entity/vehicle/ContainerEntity.java
index 5c78e33d4d369700a5fa6eb3cbbe85756465a063..35f90e06dcf30c2e6a2a63e81215283ffbb3ec05 100644
--- a/src/main/java/net/minecraft/world/entity/vehicle/ContainerEntity.java
+++ b/src/main/java/net/minecraft/world/entity/vehicle/ContainerEntity.java
@@ -73,7 +73,7 @@ public interface ContainerEntity extends Container, MenuProvider {
     default void readChestVehicleSaveData(CompoundTag nbt, HolderLookup.Provider registries) {
         this.clearItemStacks();
         if (nbt.contains("LootTable", 8)) {
-            this.setContainerLootTable(ResourceKey.create(Registries.LOOT_TABLE, ResourceLocation.parse(nbt.getString("LootTable"))));
+            this.setContainerLootTable(net.minecraft.Optionull.map(ResourceLocation.tryParse(nbt.getString("LootTable")), rl -> ResourceKey.create(Registries.LOOT_TABLE, rl))); // Paper - Validate ResourceLocation
             // Paper start - LootTable API
             if (this.getLootTable() != null) {
                 this.lootableData().loadNbt(nbt);
diff --git a/src/main/java/net/minecraft/world/level/block/entity/AbstractFurnaceBlockEntity.java b/src/main/java/net/minecraft/world/level/block/entity/AbstractFurnaceBlockEntity.java
index ecb9abc570ef87541184a8033cb33c82a4d1daf2..a1ac34668fcd53cf8adf4ce463e0254b26575fbf 100644
--- a/src/main/java/net/minecraft/world/level/block/entity/AbstractFurnaceBlockEntity.java
+++ b/src/main/java/net/minecraft/world/level/block/entity/AbstractFurnaceBlockEntity.java
@@ -180,7 +180,11 @@ public abstract class AbstractFurnaceBlockEntity extends BaseContainerBlockEntit
         while (iterator.hasNext()) {
             String s = (String) iterator.next();
 
-            this.recipesUsed.put(ResourceKey.create(Registries.RECIPE, ResourceLocation.parse(s)), nbttagcompound1.getInt(s));
+            // Paper start - Validate ResourceLocation
+            final ResourceLocation resourceLocation = ResourceLocation.tryParse(s);
+            if (resourceLocation != null) {
+                this.recipesUsed.put(ResourceKey.create(Registries.RECIPE, resourceLocation), nbttagcompound1.getInt(s));
+            }
         }
 
         // Paper start - cook speed multiplier API
diff --git a/src/main/java/net/minecraft/world/level/block/entity/BrushableBlockEntity.java b/src/main/java/net/minecraft/world/level/block/entity/BrushableBlockEntity.java
index 1bfffbf54b1b440c6e19a908ea2bd70387d06b5c..b08867878e56f88569d547765f29cab018a9e791 100644
--- a/src/main/java/net/minecraft/world/level/block/entity/BrushableBlockEntity.java
+++ b/src/main/java/net/minecraft/world/level/block/entity/BrushableBlockEntity.java
@@ -194,7 +194,7 @@ public class BrushableBlockEntity extends BlockEntity {
 
     private boolean tryLoadLootTable(CompoundTag nbt) {
         if (nbt.contains("LootTable", 8)) {
-            this.lootTable = ResourceKey.create(Registries.LOOT_TABLE, ResourceLocation.parse(nbt.getString("LootTable")));
+            this.lootTable = net.minecraft.Optionull.map(ResourceLocation.tryParse(nbt.getString("LootTable")), rl -> ResourceKey.create(Registries.LOOT_TABLE, rl)); // Paper - Validate ResourceLocation
             this.lootTableSeed = nbt.getLong("LootTableSeed");
             return true;
         } else {
Validate ResourceLocation in NBT reading 2024-01-04 13:52:38 +01:00			`From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001`
			`From: Nassim Jahnke <nassim@njahnke.dev>`
			`Date: Thu, 4 Jan 2024 13:49:14 +0100`
			`Subject: [PATCH] Validate ResourceLocation in NBT reading`


			`diff --git a/src/main/java/net/minecraft/nbt/NbtUtils.java b/src/main/java/net/minecraft/nbt/NbtUtils.java`
956 2024-06-14 10:56:28 +02:00			`index 4929bac8e476664086470f078efce6c0a6164413..f88dd37783b3c155c23b547c360b8d3c16e030c0 100644`
Validate ResourceLocation in NBT reading 2024-01-04 13:52:38 +01:00			`--- a/src/main/java/net/minecraft/nbt/NbtUtils.java`
			`+++ b/src/main/java/net/minecraft/nbt/NbtUtils.java`
955 2024-04-25 01:25:57 +02:00			`@@ -149,8 +149,10 @@ public final class NbtUtils {`
Validate ResourceLocation in NBT reading 2024-01-04 13:52:38 +01:00			`if (!nbt.contains("Name", 8)) {`
			`return Blocks.AIR.defaultBlockState();`
			`} else {`
956 2024-06-14 10:56:28 +02:00			`- ResourceLocation resourceLocation = ResourceLocation.parse(nbt.getString("Name"));`
Validate ResourceLocation in NBT reading 2024-01-04 13:52:38 +01:00			`- Optional<? extends Holder<Block>> optional = blockLookup.get(ResourceKey.create(Registries.BLOCK, resourceLocation));`
			`+ // Paper start - Validate resource location`
			`+ ResourceLocation resourceLocation = ResourceLocation.tryParse(nbt.getString("Name"));`
			`+ Optional<? extends Holder<Block>> optional = resourceLocation != null ? blockLookup.get(ResourceKey.create(Registries.BLOCK, resourceLocation)) : Optional.empty();`
[ci skip] Add more patch identifying comments 2024-01-13 16:35:59 +01:00			`+ // Paper end - Validate resource location`
Validate ResourceLocation in NBT reading 2024-01-04 13:52:38 +01:00			`if (optional.isEmpty()) {`
			`return Blocks.AIR.defaultBlockState();`
			`} else {`
Limit ResourceLocation length to nbt string tag length 2024-01-12 19:33:17 +01:00			`diff --git a/src/main/java/net/minecraft/resources/ResourceLocation.java b/src/main/java/net/minecraft/resources/ResourceLocation.java`
956 2024-06-14 10:56:28 +02:00			`index 87afe84791af2d5e9f869cd4c09eed4bb5fee75b..1967c43ee3a12e63365cc40ee6565307e2fd73cf 100644`
Limit ResourceLocation length to nbt string tag length 2024-01-12 19:33:17 +01:00			`--- a/src/main/java/net/minecraft/resources/ResourceLocation.java`
			`+++ b/src/main/java/net/minecraft/resources/ResourceLocation.java`
956 2024-06-14 10:56:28 +02:00			`@@ -41,6 +41,13 @@ public final class ResourceLocation implements Comparable<ResourceLocation> {`

			`assert isValidPath(path);`
Limit ResourceLocation length to nbt string tag length 2024-01-12 19:33:17 +01:00
Also check for the actual character length in ResourceLocation validation 2024-01-12 23:08:19 +01:00			`+ // Paper start - Validate ResourceLocation`
			`+ // Check for the max network string length (capped at Short.MAX_VALUE) as well as the max bytes of a StringTag (length written as an unsigned short)`
			`+ final String resourceLocation = namespace + ":" + path;`
			`+ if (resourceLocation.length() > Short.MAX_VALUE \|\| io.netty.buffer.ByteBufUtil.utf8MaxBytes(resourceLocation) > 2 * Short.MAX_VALUE + 1) {`
			`+ throw new ResourceLocationException("Resource location too long: " + resourceLocation);`
			`+ }`
			`+ // Paper end - Validate ResourceLocation`
Limit ResourceLocation length to nbt string tag length 2024-01-12 19:33:17 +01:00			`this.namespace = namespace;`
			`this.path = path;`
			`}`
fix and cleanup loot table patches (#10100) * fix and cleanup loot table patches * fixes 2024-05-26 21:51:15 +02:00			`diff --git a/src/main/java/net/minecraft/world/RandomizableContainer.java b/src/main/java/net/minecraft/world/RandomizableContainer.java`
Updated Upstream (Bukkit/CraftBukkit/Spigot) (#11405) Upstream has released updates that appear to apply and compile correctly. This update has not been tested by PaperMC and as with ANY update, please do your own testing Bukkit Changes: 1fc1020a PR-1049: Add MenuType API 8ae2e3be PR-1055: Expand riptiding API cac68bfb SPIGOT-7890: AttributeModifier#getUniqueId() doesn't match the UUID passed to its constructor 7004fcf2 SPIGOT-7886: Fix mistake in AttributeModifier UUID shim 1ac7f950 PR-1054: Add FireworkMeta#hasPower 4cfb565f SPIGOT-7873: Add powered state for skulls CraftBukkit Changes: bbb30e7a8 SPIGOT-7894: NPE when sending tile entity update ba21e9472 SPIGOT-7895: PlayerItemBreakEvent not firing 0fb24bbe0 SPIGOT-7875: Fix PlayerItemConsumeEvent cancellation causing client-side desync 815066449 SPIGOT-7891: Can't remove second ingredient of MerchantRecipe 45c206f2c PR-1458: Add MenuType API 19c8ef9ae SPIGOT-7867: Merchant instanceof AbstractVillager always returns false 4e006d28f PR-1468: Expand riptiding API bd8aded7d Ignore checks in CraftPlayerProfile for ResolvableProfile used in profile components 8679620b5 SPIGOT-7889: Fix tool component deserialisation without speed and/or correct-for-drops 8d5222691 SPIGOT-7882, PR-1467: Fix conversion of name in Profile Component to empty if it is missing 63f91669a SPIGOT-7887: Remove duplicate ProjectileHitEvent for fireballs 7070de8c8 SPIGOT-7878: Server#getLootTable does not return null on invalid loot table 060ee6cae SPIGOT-7876: Can't kick player or disconnect player in PlayerLoginEvent when checking for cookies 7ccb86cc0 PR-1465: Add FireworkMeta#hasPower 804ad6491 SPIGOT-7873: Add powered state for skulls f9610cdcb Improve minecart movement Spigot Changes: a759b629 Rebuild patches Co-authored-by: Jake Potrebic <jake.m.potrebic@gmail.com> 2024-09-15 21:39:53 +02:00			`index 084935138b1484f3d96e99f4e5655a6c04931907..9e357abe13f55bd9ce3a1d5348bcf19a15ea5433 100644`
fix and cleanup loot table patches (#10100) * fix and cleanup loot table patches * fixes 2024-05-26 21:51:15 +02:00			`--- a/src/main/java/net/minecraft/world/RandomizableContainer.java`
			`+++ b/src/main/java/net/minecraft/world/RandomizableContainer.java`
			`@@ -50,7 +50,7 @@ public interface RandomizableContainer extends Container {`

			`default boolean tryLoadLootTable(CompoundTag nbt) {`
			`if (nbt.contains("LootTable", 8)) {`
956 2024-06-14 10:56:28 +02:00			`- this.setLootTable(ResourceKey.create(Registries.LOOT_TABLE, ResourceLocation.parse(nbt.getString("LootTable"))));`
Fix max temper API for llama (#10823) 2024-05-29 20:17:56 +02:00			`+ this.setLootTable(net.minecraft.Optionull.map(ResourceLocation.tryParse(nbt.getString("LootTable")), rl -> ResourceKey.create(Registries.LOOT_TABLE, rl))); // Paper - Validate ResourceLocation`
fix and cleanup loot table patches (#10100) * fix and cleanup loot table patches * fixes 2024-05-26 21:51:15 +02:00			`if (this.lootableData() != null && this.getLootTable() != null) this.lootableData().loadNbt(nbt); // Paper - LootTable API`
			`if (nbt.contains("LootTableSeed", 4)) {`
			`this.setLootTableSeed(nbt.getLong("LootTableSeed"));`
Validate missed resource location parsing 2024-01-06 09:51:49 +01:00			`diff --git a/src/main/java/net/minecraft/world/entity/EntityType.java b/src/main/java/net/minecraft/world/entity/EntityType.java`
Patch 2024-10-24 15:25:36 +02:00			`index 4eec58353343b414120e189afed04b98ae3e87c8..d77014aadf83088fb53f30a9dbe879f3089e159e 100644`
Validate missed resource location parsing 2024-01-06 09:51:49 +01:00			`--- a/src/main/java/net/minecraft/world/entity/EntityType.java`
			`+++ b/src/main/java/net/minecraft/world/entity/EntityType.java`
Patch 2024-10-24 15:25:36 +02:00			`@@ -690,7 +690,7 @@ public class EntityType<T extends Entity> implements FeatureElement, EntityTypeT`
Validate missed resource location parsing 2024-01-06 09:51:49 +01:00			`}`

			`public static Optional<EntityType<?>> by(CompoundTag nbt) {`
956 2024-06-14 10:56:28 +02:00			`- return BuiltInRegistries.ENTITY_TYPE.getOptional(ResourceLocation.parse(nbt.getString("id")));`
Validate missed resource location parsing 2024-01-06 09:51:49 +01:00			`+ return BuiltInRegistries.ENTITY_TYPE.getOptional(ResourceLocation.tryParse(nbt.getString("id"))); // Paper - Validate ResourceLocation`
			`}`

			`@Nullable`
Check if leash tag has a uuid 2024-10-03 17:10:27 +02:00			`diff --git a/src/main/java/net/minecraft/world/entity/Leashable.java b/src/main/java/net/minecraft/world/entity/Leashable.java`
Patch 2024-10-24 15:25:36 +02:00			`index 1a6448cccf79a94013f9f44c3067d91da3da1f7e..06af888e4c3d9d01a462b487742b597184a7a8a6 100644`
Check if leash tag has a uuid 2024-10-03 17:10:27 +02:00			`--- a/src/main/java/net/minecraft/world/entity/Leashable.java`
			`+++ b/src/main/java/net/minecraft/world/entity/Leashable.java`
Patch 2024-10-24 15:25:36 +02:00			`@@ -55,7 +55,13 @@ public interface Leashable {`
Check if leash tag has a uuid 2024-10-03 17:10:27 +02:00			`@Nullable`
			`default Leashable.LeashData readLeashData(CompoundTag nbt) {`
			`if (nbt.contains("leash", 10)) {`
			`- return new Leashable.LeashData(Either.left(nbt.getCompound("leash").getUUID("UUID")));`
			`+ // Paper start`
			`+ final CompoundTag leashTag = nbt.getCompound("leash");`
			`+ if (!leashTag.hasUUID("UUID")) {`
			`+ return null;`
			`+ }`
			`+ return new Leashable.LeashData(Either.left(leashTag.getUUID("UUID")));`
			`+ // Paper end`
			`} else {`
			`if (nbt.contains("leash", 11)) {`
			`Either<UUID, BlockPos> either = (Either) NbtUtils.readBlockPos(nbt, "leash").map(Either::right).orElse(null); // CraftBukkit - decompile error`
Fix sleeping pos desync 2024-02-01 10:53:15 +01:00			`diff --git a/src/main/java/net/minecraft/world/entity/LivingEntity.java b/src/main/java/net/minecraft/world/entity/LivingEntity.java`
Patch 2024-10-24 15:25:36 +02:00			`index f42a98324ecfc992cf36c2f44cdb781ad4edbad4..a7f0d49637eb72b4645997a97cc6927b16a59738 100644`
Fix sleeping pos desync 2024-02-01 10:53:15 +01:00			`--- a/src/main/java/net/minecraft/world/entity/LivingEntity.java`
			`+++ b/src/main/java/net/minecraft/world/entity/LivingEntity.java`
Patch 2024-10-24 15:25:36 +02:00			`@@ -911,11 +911,13 @@ public abstract class LivingEntity extends Entity implements Attackable {`
Fix sleeping pos desync 2024-02-01 10:53:15 +01:00			`if (nbt.contains("SleepingX", 99) && nbt.contains("SleepingY", 99) && nbt.contains("SleepingZ", 99)) {`
			`BlockPos blockposition = new BlockPos(nbt.getInt("SleepingX"), nbt.getInt("SleepingY"), nbt.getInt("SleepingZ"));`
956 2024-06-14 10:56:28 +02:00
Fix sleeping pos desync 2024-02-01 10:53:15 +01:00			`+ if (this.position().distanceToSqr(blockposition.getX(), blockposition.getY(), blockposition.getZ()) < 16 * 16) { // Paper - The sleeping pos will always also set the actual pos, so a desync suggests something is wrong`
			`this.setSleepingPos(blockposition);`
			`this.entityData.set(LivingEntity.DATA_POSE, Pose.SLEEPING);`
			`if (!this.firstTick) {`
			`this.setPosToBed(blockposition);`
			`}`
			`+ } // Paper - The sleeping pos will always also set the actual pos, so a desync suggests something is wrong`
			`}`

			`if (nbt.contains("Brain", 10)) {`
Validate ResourceLocation in NBT reading 2024-01-04 13:52:38 +01:00			`diff --git a/src/main/java/net/minecraft/world/entity/Mob.java b/src/main/java/net/minecraft/world/entity/Mob.java`
Patch 2024-10-24 15:25:36 +02:00			`index 8a0e65ac8318a467996f48b423db1ac621359fbe..aad63549d7c4f501b683b8dead4938eac27895eb 100644`
Validate ResourceLocation in NBT reading 2024-01-04 13:52:38 +01:00			`--- a/src/main/java/net/minecraft/world/entity/Mob.java`
			`+++ b/src/main/java/net/minecraft/world/entity/Mob.java`
Patch 2024-10-24 15:25:36 +02:00			`@@ -601,7 +601,7 @@ public abstract class Mob extends LivingEntity implements EquipmentUser, Leashab`
956 2024-06-14 10:56:28 +02:00			`this.leashData = this.readLeashData(nbt);`
Validate ResourceLocation in NBT reading 2024-01-04 13:52:38 +01:00			`this.setLeftHanded(nbt.getBoolean("LeftHanded"));`
			`if (nbt.contains("DeathLootTable", 8)) {`
Patch 2024-10-24 15:25:36 +02:00			`- this.lootTable = Optional.of(ResourceKey.create(Registries.LOOT_TABLE, ResourceLocation.parse(nbt.getString("DeathLootTable"))));`
			`+ this.lootTable = Optional.ofNullable(ResourceLocation.tryParse(nbt.getString("DeathLootTable"))).map((rs) -> ResourceKey.create(Registries.LOOT_TABLE, rs)); // Paper - Validate ResourceLocation`
Validate ResourceLocation in NBT reading 2024-01-04 13:52:38 +01:00			`this.lootTableSeed = nbt.getLong("DeathLootTableSeed");`
			`}`

			`diff --git a/src/main/java/net/minecraft/world/entity/projectile/AbstractArrow.java b/src/main/java/net/minecraft/world/entity/projectile/AbstractArrow.java`
Patch 2024-10-24 15:25:36 +02:00			`index 75cc3db39c974abab8510af4a633fc6812efc647..14e31ae88e90d8ea1a98800cc6c1c3527bb2ed6b 100644`
Validate ResourceLocation in NBT reading 2024-01-04 13:52:38 +01:00			`--- a/src/main/java/net/minecraft/world/entity/projectile/AbstractArrow.java`
			`+++ b/src/main/java/net/minecraft/world/entity/projectile/AbstractArrow.java`
Patch 2024-10-24 15:25:36 +02:00			`@@ -695,7 +695,7 @@ public abstract class AbstractArrow extends Projectile {`
Validate ResourceLocation in NBT reading 2024-01-04 13:52:38 +01:00			`this.setCritArrow(nbt.getBoolean("crit"));`
			`this.setPierceLevel(nbt.getByte("PierceLevel"));`
			`if (nbt.contains("SoundEvent", 8)) {`
956 2024-06-14 10:56:28 +02:00			`- this.soundEvent = (SoundEvent) BuiltInRegistries.SOUND_EVENT.getOptional(ResourceLocation.parse(nbt.getString("SoundEvent"))).orElse(this.getDefaultHitGroundSoundEvent());`
Validate ResourceLocation in NBT reading 2024-01-04 13:52:38 +01:00			`+ this.soundEvent = (SoundEvent) BuiltInRegistries.SOUND_EVENT.getOptional(ResourceLocation.tryParse(nbt.getString("SoundEvent"))).orElse(this.getDefaultHitGroundSoundEvent()); // Paper - Validate resource location`
			`}`

956 2024-06-14 10:56:28 +02:00			`if (nbt.contains("item", 10)) {`
Validate ResourceLocation in NBT reading 2024-01-04 13:52:38 +01:00			`diff --git a/src/main/java/net/minecraft/world/entity/vehicle/ContainerEntity.java b/src/main/java/net/minecraft/world/entity/vehicle/ContainerEntity.java`
Patch 2024-10-24 15:25:36 +02:00			`index 5c78e33d4d369700a5fa6eb3cbbe85756465a063..35f90e06dcf30c2e6a2a63e81215283ffbb3ec05 100644`
Validate ResourceLocation in NBT reading 2024-01-04 13:52:38 +01:00			`--- a/src/main/java/net/minecraft/world/entity/vehicle/ContainerEntity.java`
			`+++ b/src/main/java/net/minecraft/world/entity/vehicle/ContainerEntity.java`
fix and cleanup loot table patches (#10100) * fix and cleanup loot table patches * fixes 2024-05-26 21:51:15 +02:00			`@@ -73,7 +73,7 @@ public interface ContainerEntity extends Container, MenuProvider {`
Patch 2024-10-24 15:25:36 +02:00			`default void readChestVehicleSaveData(CompoundTag nbt, HolderLookup.Provider registries) {`
Validate ResourceLocation in NBT reading 2024-01-04 13:52:38 +01:00			`this.clearItemStacks();`
			`if (nbt.contains("LootTable", 8)) {`
Patch 2024-10-24 15:25:36 +02:00			`- this.setContainerLootTable(ResourceKey.create(Registries.LOOT_TABLE, ResourceLocation.parse(nbt.getString("LootTable"))));`
			`+ this.setContainerLootTable(net.minecraft.Optionull.map(ResourceLocation.tryParse(nbt.getString("LootTable")), rl -> ResourceKey.create(Registries.LOOT_TABLE, rl))); // Paper - Validate ResourceLocation`
fix and cleanup loot table patches (#10100) * fix and cleanup loot table patches * fixes 2024-05-26 21:51:15 +02:00			`// Paper start - LootTable API`
			`if (this.getLootTable() != null) {`
			`this.lootableData().loadNbt(nbt);`
Add more ResourceLocation checks, some cleanup 2024-02-18 12:53:27 +01:00			`diff --git a/src/main/java/net/minecraft/world/level/block/entity/AbstractFurnaceBlockEntity.java b/src/main/java/net/minecraft/world/level/block/entity/AbstractFurnaceBlockEntity.java`
Patch 2024-10-24 15:25:36 +02:00			`index ecb9abc570ef87541184a8033cb33c82a4d1daf2..a1ac34668fcd53cf8adf4ce463e0254b26575fbf 100644`
Add more ResourceLocation checks, some cleanup 2024-02-18 12:53:27 +01:00			`--- a/src/main/java/net/minecraft/world/level/block/entity/AbstractFurnaceBlockEntity.java`
			`+++ b/src/main/java/net/minecraft/world/level/block/entity/AbstractFurnaceBlockEntity.java`
Patch 2024-10-24 15:25:36 +02:00			`@@ -180,7 +180,11 @@ public abstract class AbstractFurnaceBlockEntity extends BaseContainerBlockEntit`
Add more ResourceLocation checks, some cleanup 2024-02-18 12:53:27 +01:00			`while (iterator.hasNext()) {`
			`String s = (String) iterator.next();`

Patch 2024-10-24 15:25:36 +02:00			`- this.recipesUsed.put(ResourceKey.create(Registries.RECIPE, ResourceLocation.parse(s)), nbttagcompound1.getInt(s));`
Add more ResourceLocation checks, some cleanup 2024-02-18 12:53:27 +01:00			`+ // Paper start - Validate ResourceLocation`
			`+ final ResourceLocation resourceLocation = ResourceLocation.tryParse(s);`
			`+ if (resourceLocation != null) {`
Patch 2024-10-24 15:25:36 +02:00			`+ this.recipesUsed.put(ResourceKey.create(Registries.RECIPE, resourceLocation), nbttagcompound1.getInt(s));`
Add more ResourceLocation checks, some cleanup 2024-02-18 12:53:27 +01:00			`+ }`
			`}`

			`// Paper start - cook speed multiplier API`
			`diff --git a/src/main/java/net/minecraft/world/level/block/entity/BrushableBlockEntity.java b/src/main/java/net/minecraft/world/level/block/entity/BrushableBlockEntity.java`
Patch 2024-10-24 15:25:36 +02:00			`index 1bfffbf54b1b440c6e19a908ea2bd70387d06b5c..b08867878e56f88569d547765f29cab018a9e791 100644`
Add more ResourceLocation checks, some cleanup 2024-02-18 12:53:27 +01:00			`--- a/src/main/java/net/minecraft/world/level/block/entity/BrushableBlockEntity.java`
			`+++ b/src/main/java/net/minecraft/world/level/block/entity/BrushableBlockEntity.java`
Patch 2024-10-24 15:25:36 +02:00			`@@ -194,7 +194,7 @@ public class BrushableBlockEntity extends BlockEntity {`
Add more ResourceLocation checks, some cleanup 2024-02-18 12:53:27 +01:00
			`private boolean tryLoadLootTable(CompoundTag nbt) {`
			`if (nbt.contains("LootTable", 8)) {`
956 2024-06-14 10:56:28 +02:00			`- this.lootTable = ResourceKey.create(Registries.LOOT_TABLE, ResourceLocation.parse(nbt.getString("LootTable")));`
955 2024-04-25 01:25:57 +02:00			`+ this.lootTable = net.minecraft.Optionull.map(ResourceLocation.tryParse(nbt.getString("LootTable")), rl -> ResourceKey.create(Registries.LOOT_TABLE, rl)); // Paper - Validate ResourceLocation`
Add more ResourceLocation checks, some cleanup 2024-02-18 12:53:27 +01:00			`this.lootTableSeed = nbt.getLong("LootTableSeed");`
			`return true;`
			`} else {`