-
-
Notifications
You must be signed in to change notification settings - Fork 103
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Paper 1.18.2 /tomap error "CraftItem failed" #255
Comments
Update: I believe QuartzLib NBT.java is the problem. Line 309 try {
I believe this call is no longer working, but haven't figured out why yet. Comments suggest that his was added for 1.18, so maybe something has changed again? |
Ok, that line was a bit of a red herring. Now I'm thinking it's this line: Throwing: |
Who knew I'd be learning so much today! So it seems the Reflections class is what's used to reference internal Minecraft classes? And on new version releases the class might be disappear or be changed to something else? So I need to find what the new class is I think. |
Yeah I think that's the problem indeed. Minecraft is changing internal classes names used to handle NBT data. We need either to find the new classes, or find a better way to handle the need to identify imageonmap maps without altering NBT data. |
Some effort in QuartzLib were started by @Vlammar, but are not done yet due to… our indisponibilities. |
Fixed it. |
cc @Vlammar |
that's really a pain that they change for every version those damn method name |
sooo is the plugin gonna be updated? having this same issue on my server |
Feel free to contribute if you want to speed things up. I don't have free time to work on IoM these days, sorry. |
I can confirm. I downloaded the source to both ImageOnMap and Quartzlib, changed that one character from "t" to "u", recompiled and installed the Quartzlib package locally and then re-built ImageOnMap and it works fine now. The old frames were left invisible where I put them originally and I had to break them to lay out a new grid. A decent temporary fix. Great plugin by the way, hope everyone is well. Also, the version number is mislabeled in the pom file for the master branch. Everything says 0.0.6 except the pom, which is still saying 0.0.5 |
Any tutorial on how to do this? |
I would really wait for an official fix if I were you unless you already have an environment set up to build and compile the source. The fix is easy, but setting up the environment to compile and repackage is out of the scope of this thread. The issue in compatibility is actually in Quartzlib, the library that that is included and built along side of the plugin, inside the jar not any of the code in the plugin itself if that makes any sense. The issue is, while it fixes it for 1.18.2, it breaks it for 1.18.1 etc etc. Ill attach the jar I built, but you probably shouldn't be all willy nilly using any jar you stumble across on the internet. As there is plenty of room for malicious intent. If the developers don't want this file here feel free to delete it. LINK REMOVED DUE TO SUSPICION OF INFECTED JAR |
Awesome! Thanks so much. |
@J-eremy according to my server provider after installing that fixed jar all my plugin jars got infected and i had to remove and reinstall all of them |
Its definitely not from my jar. I literally only changed that one character in the lib. You might want to look at all your other jars before you go any further. |
this is what i thought so thats why i said according to my server provider... i think they are trying to money-grab things in order for me to pay more sadly.. last year they told me that my ram wasnt enough and my server was running out of performance (5gb ram for a 3 person server lmao) i just wanted to assure myself by saying it to you thank you again |
That's weird I don't have any if that in my folder. you did extract the zip file so its the actual .jar in the plugins folder right?
Yea that's not good. Sounds like a company I wouldn't want to work with. 5gb of ram is damn good for a small server, unless you are running every plugin known to man. Im also not sure if its even possible to have one jar effect other jars on the server, I could be wrong but i always assumed it could just mess up your whole world or give randoms access to what they shouldnt. If someone knows if a jar has write access to that folder after being loaded into memory please fill me in, because I am in no way a java programmer lol. @ZerpCraft is the real MVP here, I just applied his findings. |
no idea, I tried the jar you sent and yeah I do have the ImageOnMap.jar file in my plugins folder, it's just that everytime the plugin loads, it creates those temp files, not sure what I did wrong x) |
The only thing I seemed to find when I searched for that filename is something about fabric. Are you using a mod-loader like fabric or forge or are you using it with just the standard plugin stuff. I'm using paperMC as the server jar and letting it load plugins the normal way, no forge or fabric or any of that funny business. Try just spinning up a vanilla flavor of bukkit and see if those files are generated. I have personally never seen the plugin folder fill up like that. |
paper as well, tried the latest dev build earlier |
@J-eremy The jar is indeed infected. Decompiling it shows the javassist package. This is why you ALWAYS wait for official fixes. Problem is, this ended on the Bukkit.org page. Users should be informed. Those who run it will need to clear the server folder from any jar file. Now, if someone can understand what it did other than spreading itself, that'd be nice... |
oh wow... i guess it wasnt my server provider trying to money grab me good thing i removed the jar after this happened and never reinstalled |
I removed the links just to be sure. (I kept it on my side.) If you want to contribute, instead of sharing links like this, open pull requests! Code will be visible to everyone and thinks like this are very unlikely to happen. |
What you are showing is not de-compiling it is just opening the jar as an archive. I compiled the jar the normal way with maven. Nothing was changed in the source for this plugin as the issue is with the library it uses not the code for the plugin itself and when I modified it I also did a PR for that repo. I'm not a java programmer by far, I just know how to recompile things after small changes, as far as I can tell javassist is a library that must have been needed to compile the software and find no information on the internet saying its malicious in any way. Someone more knowledgeable than me please chime in. If you go look at the PR's for Quartzlib you will see my pull request for what I changed. All I can really say is what I already said, if your paranoid don't use it, wait until it is officially released. If you do use it make sure that your file has the same hash as the one I uploaded. But again, I don't see any signs of my file being infected in any way, nor do I appreciate being accused of distributing a malicious file. But on the other hand if it is actually found to be a problem then someone should really inspect upstream because I just cloned the git repositories and that would mean the problem is bigger than just this situation. |
As for javassist being "just a library", yeah, a library that generates bytecode on the fly and rewrites classes ... which sounds perfect if you want to craft an exploit payload. |
Exactly |
By the way, I guess you're still looking for how this happened, since you didn't follow up here about that yet. Any chance you had (or still have) a plugin with old, unpatched Log4J on a publicly-accessible MC server on the same system where you did the build? |
That's where the Java devs here will have to fill you in. Other package managers I'm familiar with automatically audit when you install the dependencies and will flag any issues (and even offer to fix them for you if upgrading the deps does not introduce breaking changes). Of course, it's up to you to check the output of the build and make sure there aren't any such issues before releasing anything (ideally with a build toolchain that refuses to publish a release if any of those checks fail!) |
Does anyone have a fix build for this error? |
Which line was this on? Going to be opening up a PR and do minimal testing my side EDIT: Found out the post above mine has the instructions. Go to school and learn to read kids. |
I opened a pr at quartzlib already a while ago, and since then someone actually did it right in another PR making it work with not only 1.18.2 but also lower versions. The issue isn't technically with this plug in itself, it's the library it relies on, and is built with that has the compatibility issue. |
This one, I guess: zDevelopers/QuartzLib/pull/87 |
It doesn't really matter its about the same, just the location of your home directory will be different. It is more complicated because the pom files for the 0.0.6 Quartzlib are out of date and dont state the correct version for building. It builds fine, but is named and installed incorrectly as 0.0.5-SNAPSHOT when in fact it is the 0.0.6 source. What you have to do, or I did in my case is clone the Quartzlib repo, then clone the Imageonmap repo. then go into the quartzlib sub directory in the original Quartzlib directory and open up that pom.xml file and change line 18 from: Now make your mods to the source like the ones here: Once you have the code set, the pom files changed you are almost ready to build, what I recommend first to do is clear out your local maven repo folder if it exists. This will make sure you don't have anything in there at all, and will re download the other million dependencies as needed, but not Quartzlib as you will be building that yourself. delete everything from that folder, that's the local repo. Now you can build Quartzlib and install it into that directory using the code you modified. What this should do is use your custom Quartzlib that you compiled to compile the jar for Imageonmap and place it in the directory: |
Here's the jar I've compiled myself and have been using for a little over a week. As always, be sure to create backups before running new plugins, keep a close eye on their behavior, and if possible, always try compiling it yourself. |
You have a jar, inside that jar. Thats why the file size is twice what its supposed to be... |
Github didn't allow me to upload the .jar file directly, which was why I compressed it to a zip file. Regardless, if you don't wish to use it, then don't worry about it. I'm just trying to be helpful. |
Yes, that Quartzlib Snapshop jar is from the zDevelopers/QuartzLib#87 PR. I'm a C# developer, not a Java developer. My experience with Maven is next to none |
from what I understand, ImageOnMap uses Quartzlib as a dependency at build time. Which means it bakes it all in at go time. This is why you have to compile Quartzlib and install it locally in the maven repo before compiling ImageOnMap, as ImageOnMap looks for Quartzlib in the repo and if it isn't found it downloads it. But if it is found uses the local copy. |
You are welcome to recompile and upload if you are not content with how I did so /nm |
nope, been there done that didn't work out well. lmfao. Just giving you a heads up that is all. |
I have released a temporary fix, with source, for 1.18.2 users at https://github.com/Nowaha/ImageOnMap/releases/tag/4.2.3 |
@Nowaha Thanks. Seems to work. Note: version still reports as 4.2.2 when it starts up. |
@Nowaha Existing maps appear to no longer be displayed. Newly registered ones are displayed. |
Plugin version is 4.2.2
Command run: /tomap https://i.imgur.com/hfn0QMe.png
Other notes: After the error, the item frames turn invisible. Screenshot attached. Notice in the screenshot that on the right hand side the readout says I'm still looking at an Item_frame [entity.]
Stack Trace:
The text was updated successfully, but these errors were encountered: