From 883f50eb19058cdb0bad5d797f32670046111138 Mon Sep 17 00:00:00 2001
From: strnq <dev@aruus.uk>
Date: Sat, 14 Sep 2024 12:53:13 +0300
Subject: [PATCH] Validate slot in PlayerInventory#setSlot

The CraftPlayerInventory implementation sends a container_set_slot
packet to the client which will error if an invalid slot is passed to
the setSlot method, making a validation necessary over simply silently
ignoring invalid slot values.
---
 .../bukkit/craftbukkit/inventory/CraftInventoryPlayer.java   | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/paper-server/src/main/java/org/bukkit/craftbukkit/inventory/CraftInventoryPlayer.java b/paper-server/src/main/java/org/bukkit/craftbukkit/inventory/CraftInventoryPlayer.java
index 656c9a6d8c..df847c9897 100644
--- a/paper-server/src/main/java/org/bukkit/craftbukkit/inventory/CraftInventoryPlayer.java
+++ b/paper-server/src/main/java/org/bukkit/craftbukkit/inventory/CraftInventoryPlayer.java
@@ -70,6 +70,11 @@ public class CraftInventoryPlayer extends CraftInventory implements org.bukkit.i
 
     @Override
     public void setItem(int index, ItemStack item) {
+        // Paper start - Validate setItem index
+        if (index < 0 || index > 40) {
+            throw new ArrayIndexOutOfBoundsException("Index must be between 0 and 40");
+        }
+        // Paper end - Validate setItem index
         super.setItem(index, item);
         if (this.getHolder() == null) return;
         ServerPlayer player = ((CraftPlayer) this.getHolder()).getHandle();