<!-- 
RSS generated by JIRA (9.12.2#9120002-sha1:301bf498dd45d800842af0b84230f1bb58606c13) at Sat Jan 11 15:01:43 UTC 2025

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>Mojang Studios Jira</title>
    <link>https://bugs.mojang.com</link>
    <description>This file is an XML representation of an issue</description>
    <language>en</language>    <build-info>
        <version>9.12.2</version>
        <build-number>9120002</build-number>
        <build-date>10-01-2024</build-date>
    </build-info>


<item>
            <title>[MCPE-13916] Segfault on changing worlds</title>
                <link>https://bugs.mojang.com/browse/MCPE-13916</link>
                <project id="10200" key="MCPE">Minecraft (Bedrock codebase)</project>
                    <description>&lt;p&gt;My client segfaults and crashes occasionally when switching worlds on a multiplayer server. So far I cannot recreate it every time, but it happens about 10% of the time and I have recreated it about a dozen times. I believe it may be related to switching worlds multiple times in quick succession, but I cannot be sure of that.&lt;/p&gt;

&lt;p&gt;The crash log from my phone is attached.&lt;/p&gt;

&lt;p&gt;Update: With about 60 tries on an iPhone 4 running iOS 7.1.2, I cannot recreate this issue using the same exact circumstances as causes the crashes on my iPhone 6 plus.&lt;/p&gt;</description>
            <key id="137241">MCPE-13916</key>
            <summary>Segfault on changing worlds</summary>
                <type id="1" iconUrl="https://bugs.mojang.com/secure/viewavatar?size=xsmall&amp;avatarId=18903&amp;avatarType=issuetype">Bug</type>
                                    <status id="5" iconUrl="https://bugs.mojang.com/images/icons/statuses/resolved.png" description="A resolution has been taken, and it is awaiting verification by reporter. From here issues are either reopened, or are closed.">Resolved</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="5">Cannot Reproduce</resolution>
                                            <reporter username="Brutus">C S</reporter>
                        <labels>
                    </labels>
                <created>Wed, 9 Mar 2016 15:37:16 +0100</created>
                <updated>Mon, 21 Aug 2017 13:08:14 +0200</updated>
                            <resolved>Mon, 21 Aug 2017 13:08:14 +0200</resolved>
                                    <version>0.14.0</version>
                                                                        <votes>0</votes>
                                    <watches>2</watches>
                                                                            <comments>
                            <comment id="402243" author="mega_spud" created="Mon, 21 Aug 2017 13:08:14 +0200"  >&lt;p&gt;This ticket has been resolved as &apos;Cannot Reproduce&apos; as it has not been updated recently &lt;em&gt;(1 year+)&lt;/em&gt;&lt;/p&gt;</comment>
                            <comment id="324014" author="aman4700" created="Mon, 8 Aug 2016 03:49:54 +0200"  >&lt;p&gt;Please respond and add the current version if you can reproduce this issue.&lt;/p&gt;</comment>
                            <comment id="293734" author="brutus" created="Wed, 9 Mar 2016 18:52:09 +0100"  >&lt;p&gt;I just want to point out, that this could theoretically cause a security issue like a remote-code-execution exploit. I don&apos;t have any proof of concept code and this may be infeasible in practice. But in an abstract theoretical sense, we have a situation in which a server that a user connects to can:&lt;br/&gt;
1. Populate their device&apos;s memory with tons of arbitrary data, such as chunk data, which could be sizable enough to serve as a base for malicious code and exploits.&lt;br/&gt;
2. Remotely cause inconsistency in memory access by using an abnormal pattern of packets. In other words, they may be able to use this bug in a specifically targeted way.&lt;/p&gt;

&lt;p&gt;If an attacker was able to disguise malicious code as chunk data and then redirect the flow of execution to that code, they could create a remote-code-execution exploit that could infect a phone just by having the user connect to the malicious server. &lt;/p&gt;

&lt;p&gt;So much arbitrary server-defined data alongside remotely triggerable memory-location inconsistencies (ie this bug) in assembly code is just dangerous.&lt;/p&gt;</comment>
                            <comment id="293723" author="brutus" created="Wed, 9 Mar 2016 18:37:07 +0100"  >&lt;p&gt;I can also confirm that this happens on an iPhone 6s with iOS 9.2.1.&lt;/p&gt;</comment>
                            <comment id="293705" author="brutus" created="Wed, 9 Mar 2016 18:00:37 +0100"  >&lt;p&gt;The exact circumstances could not feasibly be replicated on a local server, because the trigger that I have been able to use to recreate the issue is related to packet manipulation where multiple change-dimension packets are sent to the client in a short period of time.&lt;/p&gt;</comment>
                            <comment id="293698" author="rplatham" created="Wed, 9 Mar 2016 17:50:12 +0100"  >&lt;p&gt;Does this happen if the multiplayer server is running locally on one of your devices?&lt;/p&gt;</comment>
                    </comments>
                    <attachments>
                            <attachment id="113694" name="crash log.txt" size="48155" author="Brutus" created="Wed, 9 Mar 2016 15:37:16 +0100"/>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                                                                                                                                                            <customfield id="customfield_10500" key="com.atlassian.jira.plugin.system.customfieldtypes:radiobuttons">
                        <customfieldname>Confirmation Status</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10300"><![CDATA[Unconfirmed]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                        <customfield id="customfield_11700" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                        <customfield id="customfield_11300" key="com.atlassian.jira.plugin.system.customfieldtypes:textfield">
                        <customfieldname>Operating System Version</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>iOS 9.2.1</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_10402" key="com.atlassian.jira.plugin.system.customfieldtypes:select">
                        <customfieldname>Platform</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10705"><![CDATA[Phone - iOS - iPhone 6 Plus]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_11600" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>0|i0kzqn:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                    </customfields>
    </item>
</channel>
</rss>