fix: wired double-fire guard, RoomUnit path race, roomItems iteration, Netty CVE

mirror of https://github.com/duckietm/Arcturus-Morningstar-Extended.git synced 2026-06-19 15:06:19 +00:00

Continuation of the concurrency hardening from the audit:
- InteractionWired/WiredHandler (E4): add an atomic per-box processing guard so
  one trigger box is handled by a single thread at a time, making the cooldown
  check-and-set effectively atomic; mark `cooldown` volatile. Prevents a packet
  thread and the room cycle thread from double-firing the same wired stack
  (double teleport/reward).
- RoomUnit (C1): the walk path is now a volatile ConcurrentLinkedDeque instead of
  a plain LinkedList, so the room cycle popping steps can't corrupt it while a
  walk packet rebuilds it via findPath/setPath.
- RoomItemManager (C2): iterate roomItems under its own monitor in getFloorItems/
  getWallItems/getPostItNotes/getUserUniqueFurniCount/getItemsAt, matching the
  existing put/remove sync sites — stops place/pickup from corrupting the
  traversal into a silently-incomplete item set.
- pom.xml (S4): bump netty-all 4.1.115 -> 4.1.118.Final (CVE-2025-24970 SslHandler
  pre-auth DoS, CVE-2025-25193).

This commit is contained in:

simoleo89

2026-06-09 11:11:56 +00:00

parent d1570d3574

commit 01c17c0511

5 changed files with 112 additions and 66 deletions

									
										Emulator/pom.xml
									
		+1
		-1
	
												View File
												
				@@ -83,7 +83,7 @@

				        <dependency>

				            <groupId>io.netty</groupId>

				            <artifactId>netty-all</artifactId>

				            <version>4.1.115.Final</version>

				            <version>4.1.118.Final</version>

				        </dependency>

				        <!-- GSON -->