[MC-10984] GS4 query listener fails to send player list when len(players) > 127 Created: 04/Mar/13  Updated: 01/Oct/13  Resolved: 01/Oct/13

Status: Resolved
Project: Minecraft: Java Edition
Component/s: None
Affects Version/s: Minecraft 1.4.7, Snapshot 13w10a, Minecraft 1.5, Snapshot 13w11a, Minecraft 1.5.1, Minecraft 1.6.1, Minecraft 1.6.2
Fix Version/s: Minecraft 13w41a

Type: Bug
Reporter: Barney Gale Assignee: [Mojang] Nathan Adams
Resolution: Fixed Votes: 10
Labels: buffer, gs4, listener, query, rcon
Environment:

barney@invert:~$ java -version
java version "1.7.0_04"
Java(TM) SE Runtime Environment (build 1.7.0_04-b20)
Java HotSpot(TM) 64-Bit Server VM (build 23.0-b21, mixed mode)


Issue Links:
Duplicate
is duplicated by MC-13441 RCON buffer overflow when more than 1... Resolved
is duplicated by MC-399 Multiplayer - TAB player list doesnt ... Resolved
is duplicated by MC-587 Server bug Resolved
CHK:
Confirmation Status: Plausible

 Description   

The GS4 Query protocol that minecraft uses is described here, and can be enabled with `enable-query=true` in server.properties.

In short, in full stat mode, the server sends an empty player list if `count(players) > 127`.

The exact bug is slightly more subtle. Excerpt from RemoteStatusListener.java:

            this.cachedReply.write("player_");
            this.cachedReply.write((int) 0);
            String[] astring = this.server.getPlayers();
            byte b0 = (byte) astring.length;

            for (byte b1 = (byte) (b0 - 1); b1 >= 0; --b1) {
                this.cachedReply.write(astring[b1]);
            }

            this.cachedReply.write((int) 0);

The byte cast causes the player list length variable to overflow, and as the loop counts backwards to zero, no players are sent when the count is 128-255. Beyond this the pattern repeats (i.e. with 300 players online, 44 would be listed), so the players list is only reliable for 127 players or fewer.

By contrast, the 'this.server.getPlayers()' method is implemented with an int counter in PlayerList.java:

        String[] astring = new String[this.players.size()];

        for (int i = 0; i < this.players.size(); ++i) {
            astring[i] = ((EntityPlayer) this.players.get(i)).getName();
        }

        return astring;

I also can't think of a reason for the player list to be reversed, as its stored in a largely non-useful order anyway.



 Comments   
Comment by Barney Gale [ 05/Aug/13 ]

Could this bug be reassigned? I think Dan Frisk is busy working on MCPE

Generated at Sun Jan 12 12:26:10 UTC 2025 using Jira 9.12.2#9120002-sha1:301bf498dd45d800842af0b84230f1bb58606c13.