Sanitise BVM_MOVEACTOR / BVM_ROTATEACTOR float params #237

Merged: CoreyRDean merged 1 commit into develop from harden/bvm-moveactor-sanitize-coords on May 25, 2026

@CoreyRDean
Collaborator

Summary

A script-supplied NaN/Inf X/Y/Z or Yaw would otherwise be persisted into the actor record and broadcast on P_RepositionActor to every receiving client. NaN positions poison spatial code (collision, LOD culling, EntityDistance#); NaN yaw poisons rotation matrices.

Mirror the P_InventoryUpdate "D" drop-item flow (ServerNet.bb ~1467) which already applies ClampWorldCoord# to AI\X/Y/Z before persisting into a DroppedItem.

Fix

  • BVM_MOVEACTOR: ClampWorldCoord# on X/Y/Z
  • BVM_ROTATEACTOR: ClampSaneFloat# on Yaw (the WorldCoord clamp would reject legitimate >2pi yaws since WorldCoordMax is set for world-space distances; ClampSaneFloat is permissive enough for any valid yaw but still rejects NaN/Inf/extreme magnitudes)

Test plan

  • compile.bat -t clean
  • CI green

Co-Authored-By: Claude Opus 4.7 (1M context) noreply@anthropic.com
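
The failure mode this PR guards against, as an added C example (not the project's BlitzBasic code): a range-only clamp lets NaN through because every ordered comparison with NaN is false, so the finite check has to come first. The `WORLD_COORD_MAX` value, the function names, and the choice to replace NaN/Inf with 0 are assumptions of this sketch; the page does not show how `ClampWorldCoord#` is implemented.

```c
#include <math.h>
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical bound: the page names WorldCoordMax but gives no value. */
#define WORLD_COORD_MAX 1.0e6f

typedef struct { float x, y, z; } Vec3;

/* Range-only clamp. Every ordered comparison with NaN is false, so NaN
   falls through both tests and is returned unchanged. */
static float range_only_clamp(float v, float limit) {
    if (v > limit)  return limit;
    if (v < -limit) return -limit;
    return v;
}

/* Finite check first, then the range clamp. Replacing NaN/Inf with 0 is an
   assumption of this sketch, not documented ClampWorldCoord# behaviour. */
static float sanitize_coord(float v, float limit) {
    if (!isfinite(v)) return 0.0f;
    return range_only_clamp(v, limit);
}

/* Stand-in for a move handler: sanitise script-supplied input before it is
   stored (and, on a real server, broadcast to clients). */
static void move_actor(Vec3 *pos, float x, float y, float z) {
    pos->x = sanitize_coord(x, WORLD_COORD_MAX);
    pos->y = sanitize_coord(y, WORLD_COORD_MAX);
    pos->z = sanitize_coord(z, WORLD_COORD_MAX);
}

/* Squared distance: a single NaN component makes the whole result NaN. */
static float dist_sq(Vec3 a, Vec3 b) {
    float dx = a.x - b.x, dy = a.y - b.y, dz = a.z - b.z;
    return dx * dx + dy * dy + dz * dz;
}

/* Typical spatial test. With a NaN position it is false for every radius,
   so the actor silently drops out of collision and culling checks. */
static bool in_range(Vec3 a, Vec3 b, float radius) {
    return dist_sq(a, b) <= radius * radius;
}

int main(void) {
    Vec3 origin = {0, 0, 0}, raw = {range_only_clamp(NAN, WORLD_COORD_MAX), 1.0f, 1.0f}, safe;
    move_actor(&safe, NAN, INFINITY, 5.0f);   /* constructed hostile input */
    printf("raw in range: %d, sanitised in range: %d\n",
           in_range(raw, origin, 1.0e6f), in_range(safe, origin, 10.0f));
    return 0;
}
```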

CoreyRDean requested a review from a team as a code owner May 25, 2026 22:46
CoreyRDean merged commit 81605b2 into develop May 25, 2026
1 check passed
CoreyRDean deleted the harden/bvm-moveactor-sanitize-coords branch May 25, 2026 22:47
CoreyRDean added a commit that referenced this pull request May 27, 2026
docs/modules/scripting.md (the already-existing runtime-half overview)
references docs/modules/scriptingcommands.md as the implementation-
half companion -- but the file didn't exist. Dangling link surfaced
during iteration #38 recon.

Wrote the module-level overview for ScriptingCommands.bb (~3300 lines,
222 BVM_* functions):

  * File-structure section table (~50-3300 grouped by theme: privilege
    helpers / actor lifecycle / items / spells / attributes / party /
    output / persistence / UDP). Refresh trigger when reorganization
    happens; navigation aid, not strict spec.

  * Privilege gating section consolidates the four CLAUDE.md gate
    categories, the clicker-handle trap (`SI\AI = Handle(clicker)`
    for Examine/Trade/RightClick/ItemScript), and the full
    currently-gated brick-vector cluster (11 functions with their
    threat shapes).

  * Dead-API surface (BVM_SETOWNER + BVM_SCENERYOWNER) -- references
    PR #297's stack-balance sentinel fix and the opcode-stability
    rationale for keeping the contract entries alive.

  * Float / integer hardening overview -- ClampWorldCoord# /
    ClampSaneFloat# and the bounds-check-before-array-index pattern.

  * Handle-Null discipline -- the canonical entry pattern that every
    BVM body must follow (Object.X(handle) returns Null for stale
    handles).

  * "Adding a new BVM function" three-file-lockstep procedure
    (ScriptingCommands.bb impl + RC_Standard_Invoker.bb contract +
    dispatch Case + RC_Standard.bcs compile-time twin), the
    alphabetical-opcode-shift gotcha, and the privilege-gate decision
    tree.

  * Notable historical hardening table cross-referencing PRs #260,
    #237-#239, #246-#248, #233/#234, #300, #301, #304.

  * Related-modules section linking back to scripting.md /
    bvm-reference.md / RC_Standard_Invoker.bb / RC_Standard.bcs /
    ServerNet.bb / BVMPrivilegeGateTest.bb / CLAUDE.md.

Closes the dangling-link gap; future scripting.md readers now have a
landing page for the implementation half. rc_standard_invoker.md is
still a dangling link from scripting.md -- deferred to a separate
iteration (it's more arcane; the BVM-reference auto-gen already
covers the user-facing API surface).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>