[vulnerability?] Client perma-kicked with 'Attempted to read NBT tag that was too big' when creating infinite Spell Circle Oroboros

[ProtoSebastian]

Modloader

Fabric

Minecraft version

1.20.1

Hex Casting version

0.11.2

Modloader version

Fabric 0.16.10

Modpack info

No response

The latest.log file

No response

Issue description

I was goofing around with Spell Circles and thought, "why not make a funny particle accelerator to see if there's an op and speed limit?"
The existing safety measures stopped me for a while without a Mason Directrix but eventually I figured if I coerce it into trusting me with an Empty Directrix with a path back to the Impetus on one end, and a closed loop on the other end of the Directrix, if the Media wave chooses to follow the closed loop if sufficiently long it gives me ample time to replace the Directrix with an Empty Impetus that endlessly redirects the Oroboros into eating itself.
After that discovery, I added a few patterns in the closed loop to make a harmless Explosion effect at the center of the Spell Circle for giggles and gave it 32 amethyst shards (160 amethyst dust, or 1280 loops in this case [0.125 dust/loop]) to work with; will it run out of Media first or hit a limit?
I waited and waited, looking around in the configs to see if I can estimate when it stops before I suddenly got kicked with the message java.lang.RuntimeException: Tried to read NBT tag that was too big; tried to allocate: 2097157bytes where max allowed: 2097152 after an excruciating amount of time.
Thought I crashed the server but no! It's a perma-kick bug! I tried 10 times to join back to no avail, the allocating bytes mockingly increasing with every try.
I eventually figured it was the Impetus recording something on every action and that eventually became big enough to cause a problem when read on my client.
I also realized this could be used to render a few chunks unwalkable with the only prerequisites of:

• Enough slates for 2 loops
• 1x Impetus with a cradled mind
• 1x Empty Impetus
• 1x Empty Directrix
• 1x Total lack of consideration for self and neighbors

Quite the list requiring End City materials but this is a potential perma-kick we're talking about!
However there was a fix, mods exist that fix packet issues like this and I tried one aptly called Packet Fixer and it sure fixed me getting kicked, allowing me time to investigate and euthanize this poor Oroboros. Trying to /data get block the Impetus was met with considerable lag followed with an incomplete message:

[01:10:27] [Render thread/INFO]: [System] [CHAT] Can't deliver chat message, check server logs: 38, 45, 44 has the following block data: {z: 44, x: 38, executor: {image: {ops_consumed: 0L, parenthesized: {escaped: [B;], iotas: []}, stack: [], userdata: {}, open_parens: 0, escape_next: 0b}, pigment: {stack: {id: "hexcasting:pride_colorizer_transgender

At the exact same timestamp, I found this in the server logs:

[01:10:27] [Netty Epoll Server IO #3/ERROR]: Error receiving packet 100
io.netty.handler.codec.EncoderException: String too big (was 7516421 characters, max 262144)
	at net.minecraft.class_2540.method_10788(class_2540.java:1876) ~[server-intermediary.jar:?]
	at net.minecraft.class_2540.method_10805(class_2540.java:514) ~[server-intermediary.jar:?]
	at net.minecraft.class_7439.method_11052(class_7439.java:14) ~[server-intermediary.jar:?]
	at net.minecraft.class_2545.method_10838(class_2545.java:45) ~[server-intermediary.jar:?]
	at net.minecraft.class_2545.encode(class_2545.java:14) ~[server-intermediary.jar:?]
	at io.netty.handler.codec.MessageToByteEncoder.write(MessageToByteEncoder.java:107) ~[netty-codec-4.1.82.Final.jar:?]
	at io.netty.channel.AbstractChannelHandlerContext.invokeWrite0(AbstractChannelHandlerContext.java:717) ~[netty-transport-4.1.82.Final.jar:?]
	at io.netty.channel.AbstractChannelHandlerContext.invokeWrite(AbstractChannelHandlerContext.java:709) ~[netty-transport-4.1.82.Final.jar:?]
	at io.netty.channel.AbstractChannelHandlerContext.write(AbstractChannelHandlerContext.java:792) ~[netty-transport-4.1.82.Final.jar:?]
	at io.netty.channel.AbstractChannelHandlerContext.write(AbstractChannelHandlerContext.java:702) ~[netty-transport-4.1.82.Final.jar:?]
	at io.netty.handler.codec.MessageToMessageEncoder.write(MessageToMessageEncoder.java:113) ~[netty-codec-4.1.82.Final.jar:?]
	at io.netty.channel.AbstractChannelHandlerContext.invokeWrite0(AbstractChannelHandlerContext.java:717) ~[netty-transport-4.1.82.Final.jar:?]
	at io.netty.channel.AbstractChannelHandlerContext.invokeWrite(AbstractChannelHandlerContext.java:709) ~[netty-transport-4.1.82.Final.jar:?]
	at io.netty.channel.AbstractChannelHandlerContext.write(AbstractChannelHandlerContext.java:792) ~[netty-transport-4.1.82.Final.jar:?]
	at io.netty.channel.AbstractChannelHandlerContext.write(AbstractChannelHandlerContext.java:702) ~[netty-transport-4.1.82.Final.jar:?]
	at io.netty.channel.AbstractChannelHandlerContext.write(AbstractChannelHandlerContext.java:697) ~[netty-transport-4.1.82.Final.jar:?]
	at io.netty.channel.DefaultChannelPipeline.write(DefaultChannelPipeline.java:1010) ~[netty-transport-4.1.82.Final.jar:?]
	at io.netty.channel.AbstractChannel.write(AbstractChannel.java:296) ~[netty-transport-4.1.82.Final.jar:?]
	at net.minecraft.class_2535.doSendPacket(class_2535.java:2106) ~[server-intermediary.jar:?]
	at net.minecraft.class_2535.md8fa0b4$krypton$lambda$sendImmediately$rewrite$0$1(class_2535.java:2089) ~[server-intermediary.jar:?]
	at io.netty.util.concurrent.AbstractEventExecutor.runTask(AbstractEventExecutor.java:174) ~[netty-common-4.1.82.Final.jar:?]
	at io.netty.util.concurrent.AbstractEventExecutor.safeExecute(AbstractEventExecutor.java:167) ~[netty-common-4.1.82.Final.jar:?]
	at io.netty.util.concurrent.SingleThreadEventExecutor.runAllTasks(SingleThreadEventExecutor.java:470) ~[netty-common-4.1.82.Final.jar:?]
	at io.netty.channel.epoll.EpollEventLoop.run(EpollEventLoop.java:403) ~[netty-transport-classes-epoll-4.1.82.Final.jar:?]
	at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:997) ~[netty-common-4.1.82.Final.jar:?]
	at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74) ~[netty-common-4.1.82.Final.jar:?]
	at java.lang.Thread.run(Thread.java:840) ~[?:?]

From what I decoded, it was trying to send a whopping 7516421 characters worth of Impetus records!
This made me sure it was the Impetus. And when I killed the Oroboros it sent a considerably more sane message for /data get block executed on the Impetus:

[01:11:12] [Render thread/INFO]: [System] [CHAT] 38, 45, 44 has the following block data: {z: 44, x: 38, look_amount: 27, id: "hexcasting:impetus/look", y: 45, media: 268750L}

(It's a Fletcher Impetus)
No errors!
As mentioned before this has a fix in the form of third-party mods, but looking around online the first few results mentioned world corruption!
In this case it of course was not corrupted and was just the result of a rogue experiment.

Steps to reproduce

1. Put down an Impetus capable of making a Media wave and create a line of slates leading to a perpendicular Empty Directrix.

2. Create 2 loops of slates on either side of the Empty Directrix, one leading back to the Impetus and a closed loop on the other leading back to the Empty Directrix, long enough to give you time to replace the Empty Directrix.

3. (optional?) Write a simple spell with the slates in the closed loop, load up the Impetus with enough Media for atleast a thousand and some loops. (for example 32 Amethyst Shards in my case, allowing 1280 loops with my particular configuration)

4. Create Media waves until it chooses the closed loop, which then you quickly replace the Empty Diretrix with an Empty Impetus that redirects the wave of Media back into the loop.

5. Wait for a while, in my case it took an estimated 1065 loops based on used Media when stopped (with a closed loop 16 slates in length). Eventually, your client will be kicked reading the NBT data of the Impetus.

(no visual)

Other information

Installed mods:

AE2CC Bridge [1.0.0-1.20.1-FABRIC-0.0]
Alloy Forgery [2.1.2+1.20]
Almanac [1.0.2]
AlmostUnified [1.20.1-0.9.4]
AmbientSounds [6.1.4]
Angel Block Renewed [1.3]
AppleSkin [2.5.1+mc1.20]
Applied Botanics [1.5.0]
Applied Energistics 2 [15.3.3]
Architectury [9.2.14]
Bad Packets [0.4.3]
Balm [7.3.11]
Battle Towers [1.2.0]
Better Archeology [1.2.1-1.20.1]
BiomesOPlenty [19.0.0.94]
Bookshelf [20.2.13]
Botania [1.20.1-446-FABRIC]
Botarium [2.3.4]
Brewin And Chewin [3.0.6+1.20.1]
CC: Tweaked [1.114.3]
CC:C Bridge [1.6.2b-fabric]
Camerapture [1.9.0]
Cardinal Components API [5.2.3]
Chunk Loaders [1.2.8+a]
Chunks Fade In [1.0.7-1.20.1]
Cloth Config v11 [11.1.136]
Clumps [12.0.0.4]
Comforts [6.4.0+1.20.1]
Common Network [1.0.5-1.20.1]
Concurrent Chunk Management Engine [0.2.0+alpha.11.15]
Conveyor Belts [1.9.0]
CoroUtil [1.20.1-1.3.7]
Create [0.5.1-j-build.1631+mc1.20.1]
Create Big Cannons [5.8.2]
Create FastFood [0.3]
Create Ore Excavation [1.5.4]
Create Sifter [0.1.1+1.20.1]
Create Slice & Dice [3.3.1]
Create: Broken Bad [3.1.2]
Create: Estrogen [4.3.2+1.20.1-fabric]
Create: Food [1.1.7]
Create: Molten Metals [1.20.1-0.1.4]
CreateNuclear [1.20.1]
CreativeCore [2.12.24]
Cull Less Leaves [1.4.2+1.21-fabric]
Debugify [1.20.1+2.0]
Detail Armor Bar [2.6.3+1.20.1-fabric]
Disx [0.2.1]
Drip Sounds [0.4.0]
Ducky Peripherals [1.20.1-1.3.1]
Dynamic Crosshair [9.3]
Dynamic FPS [3.7.7]
Dynamic Lights [1.8.3+mod]
Eciipse Plushies Fabric [1.0.0]
Embeddium [0.3.25+mc1.20.1]
EntityCulling [1.7.2]
Exordium [1.4.0]
Explorer's Compass [1.20.1-2.2.3-fabric]
Fabric API [0.92.3+1.20.1]
Fabric Language Kotlin [1.13.1+kotlin.2.1.10]
FallingTree [4.3.4]
Farmer's Delight [1.20.1-2.2.5+refabricated]
FastQuit [3.0.0+1.20+]
FerriteCore [6.0.1]
Forge Config API Port [8.0.1]
Game Discs [0.3.1-fabric]
GeckoLib 4 [4.7]
Genshin Instruments [4.0.2]
GlitchCore [0.0.1.1]
Grappling Hook Mod [1.99.0+1.20.1.beta.fabric]
Hex Casting [0.11.2]
Icarus [2.10.0]
ImmediatelyFast [1.3.4+1.20.4]
Indium [1.0.34+mc1.20.1]
Infinity Buttons [4.0.5-mc1.20.1]
Info Tools [1.2.1]
Inline [1.20.1-1.0.2]
Iris [1.7.5+mc1.20.1]
Item Collectors [1.1.10]
JamLib [0.6.1+1.20.x]
Just Hammers [2.0.4+mc1.20.1]
Krypton [0.2.3]
LabUtils [1.5.1]
Lavender [0.1.9+1.20]
Let Me Despawn [1.4.4]
Lithium [0.11.3]
Lock & Block [0.6.1]
Lodestone [IRyjw8OM]
Lootr [0.7.35.85]
MCPitanLib [3.1.4-1.20.1-fabric]
ME Requester [1.20.1-1.1.4]
Malum [1.20.1-1.6.3.0b-fabric]
Markdown Manual [1.2.5+c3f0b88]
Megane [20.1.2]
Memory Leak Fix [1.1.5]
MineMath [2.0.0-1.20.1]
Missiles [0.2]
Mod Menu [7.2.2]
ModMenu Badges Lib [2023.6.1]
Modern Delight [0.5.4+1.20.1]
ModernFix [5.20.2+mc1.20.1]
Moonlight [1.20-2.13.55]
Mouse Tweaks [2.26]
Moving Elevators [1.4.10]
NEEPMeat [0.10.1-beta+1.20.1]
Nature's Compass [1.20.1-2.2.3-fabric]
Noisium [2.3.0+mc1.20-1.20.1]
Open Block Elevator Mod [0.0.3-1.20.1]
PAUCAL [0.6.0+1.20.1-fabric]
Particular [1.1.1]
Patchouli [1.20.1-84-FABRIC]
Plethora [1.11.7]
Polymorph [0.49.8+1.20.1]
Porting Lib [2.3.8+1.20.1]
Powah! [5.0.8]
Presence Footsteps [1.10.1+1.20.1]
Reese's Sodium Options [1.7.2+mc1.20.1-build.101]
Replay Mod [1.20.1-2.6.21]
Resourceful Lib [2.1.29]
Resourcefulconfig [2.1.2]
Right Click Harvest [3.2.3+1.19.x-1.20.1-fabric]
Ring of Flight [0.0.3]
Roughly Enough Items [12.1.785]
Runelic [18.0.2]
Satin [1.14.0]
Scannable [1.7.12+18ccb75]
ServerCore [1.5.2+1.20.1]
Simple Voice Chat [1.20.1-2.5.27]
Sodium [0.5.11+mc1.20.1]
Sodium Extra [0.5.4+mc1.20.1-build.115]
Solar Panels [1.0.0+1.20-1.20.1]
Sophisticated Backpacks [1.20.1-3.21.2.1.81]
Sophisticated Core [1.20.1-1.0.8.1.119]
Sound Physics Remastered [1.20.1-1.4.8]
Sprinklerz [0.5.1]
SuperMartijn642's Config Lib [1.1.8+a]
SuperMartijn642's Core Lib [1.1.18+a]
Sushi Bar [0.2.2+1.20]
SwitchCraft Peripherals [1.10.5]
Sync (Fabric) [4.3+rev.47533cf-dirty]
TAF - Trans armed forces [1.4a-alpha]
TIS-3D [1.7.7+354a583]
TNT Timer [3.0]
Tempad [2.3.4]
TerraBlender [3.0.1.7]
Thornscapes [2.2.0]
Tiny Mob Farm [1.4-1.20.1]
Tom's Peripherals [1.3.0]
ToolTip Fix [1.1.1-1.20]
Trinkets [3.7.2]
UI Lib [0.3.5]
UniversalWrench [0.0.4]
Wakes [0.4.0+1.20.1]
Waystones [14.1.6]
What Are They Up To [1.20.1-1.1.3]
Xaero's Minimap [25.0.0]
Xaero's World Map [1.39.2]
YUNG's API [1.20-Fabric-4.0.6]
YetAnotherConfigLib [3.6.2+1.20.1-fabric]
Zenith [1.2.4-1.20.1]
Zenith Attributes [0.2.10]
Zipline [1.1.2+1.20.1]
Zoomify [2.14.2+1.20.1]
[Let's Do] API [1.2.15]
[Let's Do] Bakery [2.0.4]
[Let's Do] Beachparty [1.1.5]
[Let's Do] Brewery [2.0.4]
[Let's Do] Camping [1.0.4]
[Let's Do] Farm & Charm [1.0.5]
[Let's Do] HerbalBrews [1.0.10]
[Let's Do] Vinery [1.4.38]
beetlebox [1.2]
fakerlib [0.1.4]
jessemood [1.0-SNAPSHOT]
oωo [0.11.2+1.20]
silly mod teehee [alpha-4-1.20.1]
wthit [8.16.1]

[ProtoSebastian]

came back to this and saw the "reached_positions" attribute was the problem, it allows for duplicates and so can grow infinitely when a rogue Oroboros is formed. what is this attribute used for? if it isn't essential then it shouldn't allow for duplicates so it's only limited to the maximum spell circle length, or limited in some other way.
This also means it really is optional to have a spell in the closed loop, but I guess it's a good way to keep track of how many loops it took?
This could become a problem when someone innocently uses the spell circles for an infinite while loop using this idea and a Mason Directrix, or attempts a funny particle accelerator but leaves it on like me

[ProtoSebastian]

I believe this PR is talking about this same issue and is a fix
#866