ye

Author: Axp3cter

README.md

@@ -16,7 +16,7 @@ Schemas, packets, queries, groups, validation, rate limiting. Every send batches
 Wally — add to your `wally.toml`:
 
 ```toml
-Lync = "axp3cter/lync@2.3.2"
+Lync = "axp3cter/lync@2.3.3"
 ```
 
 npm (roblox-ts):

package.json

@@ -1,6 +1,6 @@
 {
     "name": "@axpecter/lync",
-    "version": "2.3.2",
+    "version": "2.3.3",
     "description": "Buffer networking for Roblox. Delta compression, XOR framing, built-in security",
     "main": "src/init.luau",
     "types": "src/index.d.ts",

src/api/Packet.luau

@@ -152,15 +152,13 @@ function Packet.define<T>(
                 local payload = scratch.buff
                 local payloadLen = scratch.cursor
                 local server = Transport.server()
+                local getChannel = if isUnreliable
+                    then server.getUnreliableChannel
+                    else server.getReliableChannel
                 -- Channel.writeBatchEncoded is hot-swapped by enableStats; re-read per call.
                 local writeBatchEncoded = Channel.writeBatchEncoded
                 for i = 1, count do
-                    writeBatchEncoded(
-                        server.getChannel(players[i], isUnreliable),
-                        reg,
-                        payload,
-                        payloadLen
-                    )
+                    writeBatchEncoded(getChannel(players[i]), reg, payload, payloadLen)
                 end
                 Shared.releaseScratch()
                 bumpFires()

src/api/Query.luau

@@ -44,10 +44,10 @@ local function writeQueryTracked(
 ): ()
     if Channel.statsEnabled() then
         local before = ch.cursor
-        Channel.writeQuery(ch, reg.id, corrId, codec, data)
+        Channel.writeQuery(ch, reg.id, corrId, codec, data, reg.name)
         reg.bytesSent += ch.cursor - before
     else
-        Channel.writeQuery(ch, reg.id, corrId, codec, data)
+        Channel.writeQuery(ch, reg.id, corrId, codec, data, reg.name)
     end
 end
 

src/api/Signal.luau

@@ -17,11 +17,16 @@ local _freeThread: thread? = nil
 
 -- Private ----------------------------------------------------------------
 
+-- pcall wrapper: a handler error must not consume the recycled thread, otherwise
+-- every subsequent fire pays a coroutine.create until process restart.
 local function passer(fn: (...any) -> (), ...): ()
     local thread = _freeThread
     _freeThread = nil
-    fn(...)
+    local ok, err = pcall(fn, ...)
     _freeThread = thread
+    if not ok then
+        task.spawn(error, err)
+    end
 end
 
 local function yielder(): ()

src/codec/Base.luau

@@ -7,7 +7,7 @@ local Types = require(script.Parent.Parent.Types)
 
 -- Constants --------------------------------------------------------------
 
-local DEFAULT_MAX = 262144
+local DEFAULT_MAX = 1048576
 local INITIAL_BUF = 1024
 
 -- State ------------------------------------------------------------------

src/codec/composite/Array.luau

@@ -53,7 +53,7 @@ local function makeBoolArray(
         write = function(ch: Types.ChannelState, value: { boolean }): ()
             local len = #value
             varintWrite(ch, len)
-            packBoolArray(ch, value, len)
+            packBoolArray(ch, value, len, if len > 0 then boolBytes(len) else 0)
         end,
 
         read = function(src: buffer, pos: number, _refs: { Instance }?): ({ boolean }, number)
@@ -69,7 +69,7 @@ local function makeBoolArray(
                 Log.error(`payload {byteCount}B exceeds remaining buffer`)
             end
             local result = table.create(len, false)
-            unpackBoolArray(src, dataStart, len, result)
+            unpackBoolArray(src, dataStart, len, result, byteCount)
             return result, lenBytes + byteCount
         end,
     }
@@ -157,6 +157,11 @@ local function makeGenericArray(
             if len == 0 then
                 return {}, lenBytes
             end
+            -- Every element occupies at least 1 byte; len > remaining is
+            -- unambiguously corrupt and would OOM table.create otherwise.
+            if len > bufLen(src) - (pos + lenBytes) then
+                Log.error(`array length {len} exceeds remaining buffer`)
+            end
 
             local result = table.create(len)
             local total = lenBytes
@@ -415,22 +420,28 @@ function Array.deltaArray(
                 if cLen == 0 then
                     Log.error("truncated deltaArray change count")
                 end
-                -- changeCount is also bounded by newLen: every index appears at most once.
                 if changeCount > newLen then
                     Log.error(`deltaArray changeCount {changeCount} exceeds newLen {newLen}`)
                 end
                 total += cLen
 
+                -- The writer marks every appended index (cachedLen+1 .. newLen)
+                -- as changed; the reader must enforce this so the wire can't
+                -- ship a holey baseline that breaks #result downstream.
+                local appendedNeeded = if newLen > cachedLen then newLen - cachedLen else 0
+                local appendedSeen = 0
+
                 for _ = 1, changeCount do
                     local idx, iLen = varintRead(src, pos + total)
                     if iLen == 0 then
                         Log.error("truncated deltaArray index")
                     end
-                    -- Reject out-of-range idx so the wire can't poison the cache with
-                    -- arbitrary keys that survive truncation.
                     if idx < 1 or idx > newLen then
                         Log.error(`deltaArray index {idx} out of range [1, {newLen}]`)
                     end
+                    if idx > cachedLen then
+                        appendedSeen += 1
+                    end
                     total += iLen
                     local v, vc = element.read(src, pos + total, refs)
                     if vc == 0 then
@@ -440,6 +451,12 @@ function Array.deltaArray(
                     result[idx] = v
                 end
 
+                if appendedSeen ~= appendedNeeded then
+                    Log.error(
+                        `deltaArray PATCH grew length to {newLen} but only {appendedSeen}/{appendedNeeded} appended indices supplied`
+                    )
+                end
+
                 for i = newLen + 1, cachedLen do
                     result[i] = nil
                 end

src/codec/composite/Map.luau

@@ -21,9 +21,11 @@ local DM_DIFF = 2
 --[[
     Depth-stacked key scratch. A nested Map.write (Map<K, Map<K2, V>>) would
     clobber a single shared array mid-iteration; the stack gives each frame
-    its own slot. Mirrors Shared.acquireScratch / releaseScratch.
+    its own slot. _keyTails parallels _keyStacks because `#keys` after
+    `keys[count] = k` is undefined when count < the prior count.
 ]]
 local _keyStacks: { { any } } = {}
+local _keyTails: { number } = {}
 local _keyDepth = 0
 
 -- Private ----------------------------------------------------------------
@@ -73,23 +75,23 @@ local function sortKeys(keys: { any }, canSortDirect: boolean): ()
     end
 end
 
---[[
-    Acquire a scratch keys array, populate it from `value`, nil any leftover
-    tail entries from a prior reuse, then sort. Returns the keys array and
-    the populated count. Caller MUST releaseKeys() after consuming the keys.
-]]
 local function collectAndSortKeys(value: { [any]: any }, canSortDirect: boolean): ({ any }, number)
     local keys = acquireKeys()
+    local prevTail = _keyTails[_keyDepth] or 0
     local count = 0
     for k in value do
         count += 1
         keys[count] = k
     end
-    local prevTail = #keys
-    for i = count + 1, prevTail do
-        keys[i] = nil
+    if count < prevTail then
+        for i = count + 1, prevTail do
+            keys[i] = nil
+        end
+    end
+    _keyTails[_keyDepth] = count
+    if count > 1 then
+        sortKeys(keys, canSortDirect)
     end
-    sortKeys(keys, canSortDirect)
     return keys, count
 end
 
@@ -163,6 +165,11 @@ function Map.map(
                 if payloadBytes > bufLen(src) - (pos + lenBytes) then
                     Log.error(`payload {payloadBytes}B exceeds remaining buffer`)
                 end
+            elseif count > 0 then
+                -- Variable-size: each pair is at least 2 bytes (key + value).
+                if count * 2 > bufLen(src) - (pos + lenBytes) then
+                    Log.error(`map count {count} exceeds remaining buffer`)
+                end
             end
 
             local result: { [any]: any } = {}
@@ -419,14 +426,19 @@ function Map.deltaMap(
                 local result: { [any]: any } = table.clone(cached)
                 local total = 1
 
+                local cachedSize = 0
+                for _ in cached do
+                    cachedSize += 1
+                end
+
                 local removeCount, rcLen = varintRead(src, pos + total)
                 if rcLen == 0 then
                     Log.error("truncated deltaMap remove count")
                 end
-                -- Both counts bounded by maxCount; otherwise a malicious DIFF
-                -- could spin the loop arbitrarily long before erroring on
-                -- buffer overrun.
                 enforceMaxCount(removeCount, maxCount, "removeCount")
+                if removeCount > cachedSize then
+                    Log.error(`deltaMap removeCount {removeCount} exceeds cached size {cachedSize}`)
+                end
                 total += rcLen
                 for _ = 1, removeCount do
                     local k, kc = keyCodec.read(src, pos + total, refs)
@@ -442,6 +454,10 @@ function Map.deltaMap(
                     Log.error("truncated deltaMap change count")
                 end
                 enforceMaxCount(changeCount, maxCount, "changeCount")
+                -- Joint bound: post-DIFF size can't exceed maxCount either.
+                if maxCount and (cachedSize - removeCount + changeCount) > maxCount then
+                    Log.error(`deltaMap DIFF would grow map past maxCount {maxCount}`)
+                end
                 total += ccLen
                 for _ = 1, changeCount do
                     local k, kc = keyCodec.read(src, pos + total, refs)