So… it’s been quite a while since I’ve made any updates here. I had taken a bit of a hiatus for other projects, including Tetranet and CTMod, and some personal time. But that doesn’t mean there has been no progress, and I am starting to make another push to turning this into a real game. I updated the log system to load from JSON files instead of the primitive system I had before, this should make it much more flexible and easier to add new logs and link them objectives. In addition, I’ll also be adding in emails that you will receive from characters periodically. Of course, you will still interact with some of them in real time, and the dialog system is also loaded in a similar way: [image: 1742149385217-3ad0946c-f678-4e09-ba81-1b2b5d4f6439-image.png] I’m also going to be introducing a bit more of an RPG element with certain stats. Accuracy is a new stat that will affect how likely you are to hit or do critical damage to a target. And targeting is in fact a gameplay mechanic now: [image: 1742149663766-f1ccba6e-004e-4e4b-96d5-858ae4e7ac1a-image.png] The mouse cursor is now context sensitive and will turn into a target over enemies, or a hand when pointing at items or interactable elements of the environment. [image: 1742149769135-b334e659-e2af-423d-9fcc-432486c3f4a4-image.png] Finally, the main menu got a revamp. Using a more consistent font to fit in Save as well as Load into the menu. Saving partially works and creates thumbnails of where you currently are in the environment. [image: 1742149794214-01f22173-044d-4ec5-91e1-f8399e7d6614-image.png] [image: 1742150072033-1bd5dbef-4602-4fd6-b6ca-a54e0dbda3b9-image.png] I’m using the jsonpickle module to save all of the objects I need to keep track of - the player itself, equipment and inventory, and state of the world objects and entities. A bit more work to actually load everything back in to the engine… I’ve put this off for literally years, so fingers crossed it all goes smoothly and I can go to the next step of actually creating game content. It is still a bit tedious to add new images and objects into the world, but I at least do have a process. Now the main issue now is actually creating some new content so you have at least some variety to look while exploring. I will try my hand at creating some of it, like corpses (that you can possibly loot), labels that can go on walls to mark areas, and other enemy types. Will see how far that can get me. Hopefully it won’t be nearly as long for the next update… I still need to get a trailer going and finish setting up that Steam page! Goals maybe for next month, fingers crossed!

I queued up 3 weeks of social media posts in Fedica in prep for an imminent Demo announcement! It was 2 hours for 13 posts which is less than 10 minutes per to queue up (which is pretty good) but it discounts all the image/video collection time too The less glamorous part of gamedev -_- I mean: look at all them! https://x.com/breadbros https://bsky.app/profile/breadbros.com https://mastodon.gamedev.place/@breadbros https://www.instagram.com/breadbros_games https://www.threads.net/@breadbros_games https://www.tiktok.com/@breadbros_games https://www.youtube.com/@BreadbrosGames Oh also did some build system work and tried (unsuccessfully) to diagnose the OSX auto-crash problem

Been a long time for updates, I’ve gone onto several other games projects since my last few posts, and while those are fun I’m actually here to talk about something slightly more boring but possibly useful enough to share the code/pdf! For work I end up taking a lot of notes in notebooks, but one of my peeves about that is I often end up with so many notes that I burn through notebooks fast. Fast enough that I’ve decided I’m going to just print and bind my own damn notebooks (Some of the ones my wife got me on some sale deal lately are smaller than normal, so I burn through one notebook in about 2-3 weeks, they came as a pack of like 10 or so little notebooks, but it’s kind of bothersome to have to swap notebooks that often because it means I might have to reference something across multiple little notebooks. Part of having a notebook of course is having lined paper to print onto the copy paper in order to have some lines to write on, if I don’t do that my writing will warp all over the page. You can find resources for printing lined paper all over the place, but the slight issue I have is that usually they’re meant for printing onto a solid 8.5x11 inch sheet of paper, which isn’t conducive to binding together into a notebook. What I want is to basically print something sideways onto an 8.5x11 sheet, so that I can just fold it in half, stack a bunch together, and staple them together into a notebook segment like you might see in one of those fancy schmancy traveler’s notebooks. So to do this, I decided I may as well use LaTeX, it’s a tool I’ve used on and off over the past 10 or so years to make various pdfs of stuff. I found this resource for how to make lined paper using LaTeX and tikz: https://michaelgoerz.net/notes//printable-paper-with-latex-and-tikz/ It’s a good resource, and it got me 99% of the way there! What I did was I took his college ruled letter size page: pdf download, tex source And then copied out the college ruling, and then turned it sideways to landscape, added little date lines at the top left and right sides of the sheet of paper, and then duplicated all that to be on a second page too (because when printing multiple copies, a printer does not want to duplex print the same document onto each side of the page, for whatever reason when test printing it decided to just spawn a new page entirely for each copy of a 1-page document. Yeah I guess that makes sense when you normally print multiple copies of a document, but that means we need to have two identical pages in our pdf in order to print it properly) So here’s the code: \documentclass[letterpaper, 10pt,landscape]{article} %for letter size paper %215.mm x 279.4mm \usepackage{tikz} \begin{document} \pagestyle{empty} %page 1 \begin{tikzpicture}[remember picture, overlay] \tikzset{normal lines/.style={gray, very thin}} %draw date lines \node at (current page.south west){ \begin{tikzpicture}[remember picture, overlay] %left side date \draw[style=normal lines] (0.15in,8.0in)--(0.55in,8.0in); \draw[style=normal lines] (0.65in,8.0in)--(1.05in,8.0in); \draw[style=normal lines] (1.15in,8.0in)--(1.55in,8.0in); %right side date \draw[style=normal lines] (9.45in,8.0in)--(9.85in,8.0in); \draw[style=normal lines] (9.95in,8.0in)--(10.35in,8.0in); \draw[style=normal lines] (10.45in,8.0in)--(10.85in,8.0in); \foreach \y in {0.71,1.41,...,19.81} \draw[style=normal lines](0,\y)--(11in, \y); %\draw[style=normal lines] (1.25in,0)--(1.25in,11in); \end{tikzpicture} }; \end{tikzpicture} \pagebreak %page 2 \begin{tikzpicture}[remember picture, overlay] \tikzset{normal lines/.style={gray, very thin}} %draw date lines \node at (current page.south west){ \begin{tikzpicture}[remember picture, overlay] %left side date \draw[style=normal lines] (0.15in,8.0in)--(0.55in,8.0in); \draw[style=normal lines] (0.65in,8.0in)--(1.05in,8.0in); \draw[style=normal lines] (1.15in,8.0in)--(1.55in,8.0in); %right side date \draw[style=normal lines] (9.45in,8.0in)--(9.85in,8.0in); \draw[style=normal lines] (9.95in,8.0in)--(10.35in,8.0in); \draw[style=normal lines] (10.45in,8.0in)--(10.85in,8.0in); \foreach \y in {0.71,1.41,...,19.81} \draw[style=normal lines](0,\y)--(11in, \y); %\draw[style=normal lines] (1.25in,0)--(1.25in,11in); \end{tikzpicture} }; \end{tikzpicture} \end{document} Run that bit through pdflatex and you get two pages that look like this (can’t upload the pdf because of reasons…) [image: 1725544696714-3253dbcb-6bba-47e2-96a0-233d03555280-image.png] Print them duplex, flipping on the short side (since this is landscape) and then presto, you got a double sided sheet with lines that you can print a bunch of and then fold and staple to make your own notebooks. I haven’t run all the numbers here on cost savings but I think it’s safe to say that when you get 1500 sheets of copy paper off amazon for $23 it’s going to be cheaper to make 1500x4 pages of notebook paper (remember we’re talking the 8.5x6.5 sheet from folding the 8.5x11 in half, roughly equivalent perhaps to an A5?) than it is to buy that many pre-made refills of a notebook. In fact some of the inserts I’ve finding for traveler’s are even narrower than these, running 8.25x4.25, so this may even be bigger sheets of paper!

@thinice stop being so hammy about the ham, fam

Fixed and verified. Apologies again for the broken account verification emails (if you got one)

Hi! It’s been a while! I haven’t posted in a while, I might try to write a proper full blog post at some point. But for now, I thought I’d do a little “Happy Holidays” post and share something neat I’ve been working on: [image: 1671703106634-2b33b46d-3599-43b5-97cd-7a80ef3c32a2-image.png] [image: 1671703112249-56e02c3b-0638-4381-aa79-412679de0515-image.png] [image: 1671703121442-56a43063-de48-48fd-bb91-b847224fcf8b-image.png] [image: 1671703130442-c75631d5-5808-46bd-bcae-5ccb3ebb6cc6-image.png] [image: 1671703151199-4591cb37-ab84-403b-b149-da78824b9d2e-image.png][image: 1671703220839-6e6c1ac3-c16a-4b37-a3f3-73b93c49035b-image.png] [image: 1671703336943-2c09a9d8-0408-4b03-ab74-5b4f91c85f06-image.png] [image: 1671703531699-91e369a9-24e8-47f5-9110-349fb6371d97-image.png] [image: 1671703585609-e3f53eb0-b77a-4fa9-9bf5-00c0432d870b-image.png] These are screenshots from an in-the-browser version of Verge 3, running a few games I’ve tested/gotten working with it. It’s built on top Emscripten, and targets a WASM binary. Only tested in Chrome, but should probably work in Firefox too – needs a fairly modern browser to support the features it needs to run, like audio worklets. Some of these aren’t even compatible under the newest Verge, so this was simultaneously a project to port to the web, and to add compatibility configs to Verge so that it could open older versions. Try it out: https://make.vg/v3wasm/wip-2022-12-22/ (fingers crossed the bandwidth for this isn’t going to be too heavy and melt down my poor server, these are pretty big downloads, but we’ll try it for now!) The source branch is here: https://github.com/verge-rpg/verge3/tree/ovk-wip-3.2-wasm-2022   Thanks to the work already done by Andy Friesen on v1wasm + v2wasm (Verge Archive: https://andyfriesen.com/verge-archive/) a lot of stuff was already figured out. This builds off that, makes some improvements, and also solves more problems unique to V3. I’d eventually like to merge it in with the rest of the Verge Archive page. It would potentially be neat to cut a new desktop build when this is done, too. Basically, I undo the trunk changes after Verge 3.2 that removed VC in favor of only Lua + some other sweeping ‘kill legacy code’ changes that didn’t pan out. In hindsight, it was probably overambitious, and also didn’t anticipate that running old versions of Verge would become increasingly harder in newer OSes. I added a bunch of compatibility stuff to deal with incompatible versions of system.xvc – the sad part is, Verge 3 had a version in its system.xvc, but not once did we bump it as we changed the format. I guess the assumption there was we’d never want to run an xvc from an older version with a new one, you should always redistribute it with the verge.exe it was meant to be played with, and we’d always have source access to generate the xvc. But that doesn’t really work as great if you want to play those old versions years later, after the source was lost, and the version of executable they came with is maybe not working that well in newer Windows. There’s also some compatibility for compiling VC code, re-adding some language features that were previously removed, allowing a way to override the built-in library functions in user code (min, max, abs redefinition problems come up a lot), and ignoring duplicate definitions for some stuff (some games redefine things more than once, and it used to compile because it would ignore the second definition). Another thing is this uses SDL 2 instead of 1.3 like it used to for its SDL backends. This means it builds against something that actually has long-term support and unlike 1.3, SDL2 has a native wasm build provided with Emscripten. The Linux and Mac ports could benefit from the SDL 2 migration, if they were dusted off. The Linux build will no longer need X11 to do MessageBox since SDL provides its own implementation now, joysticks support hot-plugging in the SDL build. I implemented some window scaling stuff for the SDL version that previously was only done for the GDI windows version. Additionally, the WASM build of the game has an interesting thing where it will auto-escape slashes + lowercase all the paths you pass it as part of opening a file – it would be cool if we had a mode to let desktop builds also do this, so Windows-only games can be portable without changing the original game. One thing I’d really like to see is a way to run games from .zip. Then it wouldn’t need to prepare a manifest.txt (a file listing used by the web version can preload the files), since the listing could be taken directly from the zip directory structure, and the browser could fetch less things + have slightly more compression. (maybe not a big deal in light of GZIP’d http responses, but still, could be worth looking into). The other advantage, is the paths don’t need to be lower-cased. And overall, more games could be run as-is directly out of their archive, aside from potentially needing verge.cfg edits. Anyway, posting it in case so other people can check out / potentially help continue the effort! I’m going to be busy with holidays, and may need a break from this project. Still, I’m impressed what was possible in such a short time. I started this a couple weeks ago + plugged away at it on nights/weekends and a little bit on my break. Seeing this engine suddenly run these old games in the browser is kinda magic, I hope it can keep being improved!

Devlog 2022-11-13 continued Godot 4 migration got cutscenes playing again fixed game saving/loading fixed shadows discovered that _ready() works subtly differently now lots of fighting with UI various other fixes [image: 1668391981255-screen-20221113.jpg] You can actually get out of the house and talk to people again! The game crashes moments later when the shop interface attempts to load. Not a super exciting week to report on; just continued slogging through the update process. If nothing else, this process is helping me reacquaint myself with the code after not looking at it for a few months! Just a few miscellaneous notes this week… Godot 4 Changed _ready() In Godot, _ready() is called when the Node is, well, ready to start its set up (after all its children in the scene tree have completed their _ready() work). It’s where you do all your upfront initialization (usually), so it’s pretty important. In Godot 3, the _ready() defined in every class in your inheritance hierarchy gets called, in order, with your “local” _ready() being called last. This is different from how most function calls work, since they will call the “local” function and you have to explicitly call the super-class’s version by using .whatever(). In Godot 4, _ready() is no longer special (and instead of just using a bare . to call your super-class’s methods, you use super.) so you have to explicitly call super._ready() in your _ready() method. I actually think this is good! Consistency is great! It was just a surprise since that’s not how it worked before, and I only figured it out after some trial and error. … And Some Other Things There’s one other weird change that I’ve found, which I’m not as fond of. Classes in GDScript, especially in Godot 3, are a bit weird to work with as a data type themselves. It’s customary to override two particular functions, get_class() and is_class(), so that you can query what something is. They’d look something like extends Node class_name FooBar func get_class(): return "FooBar" func is_class(class_name): return class_name == get_class() or .is_class(class_name) which lets you write code like if thing.is_class(TheOneIWant):, allowing for inheritance etc etc. Well, anyway, in Godot 4 you can’t do that because get_class appears to be special now and you can’t actually override it. I’m not sure if this is intentional or a current bug! Anyway, turns out that the is keyword does what you need now anyway so there’s not really any real reason for doing all of this anymore anyway. You can just write if thing is TheOneIWant and it handles inheritance correctly. (I actually just popped open Godot 3.5 to see if I could figure out exactly how is works in Godot 3, but for some reason I couldn’t even get my test project to run and print anything at all to the console so if it’s worked this way all along, then I guess this more a note to myself than useful to anyone else.) UI Continues to Baffle Me I come from a web development background, primarily in frontend development, so it’s not that UI in general is mysterious to me but it always takes me several tries to get Godot’s UI system to do what I want. I’m glad the UI system is there, it’s quite capable! I just always have to fight it. Some combination of me using it in some bone-headed ways and some interesting decisions on the part of the auto-migration has led me to having to fix a lot of my menus and such to get them looking right again. I’m using the process to try to understand the theme system a bit better and actually, you know, use that instead of having a bunch of manual overrides everywhere. So again, probably for the better! It’s just work. The Show Goes On I’m getting impatient to get back to actually pushing the game forward. I don’t know I’ll manage that by next Sunday, but progress is progress. Have a great week! [original post on my devlog]

More NES emulation… We didn’t like how this other RPG game was rolling random encounters. It happened on the first step too often. Very annoying. I think there needs to be some kind of step counter setup with a minimum value… I don’t know how many games do that. Is it possible they have arranged the statistics so that low rolls are less common? I haven’t checked this in a while. This game has 4 terrain types, and up to 4 encounters per terrain type; on top of that it is organized into zones in the world map (thus further-away zones have harder encounter sets). There is only one monster per encounter, so encounter type = monster type. The data is organized this way: struct EncounterDataForWorldZone { byte chances[4][4]; byte monsters[4][4]; } EncounterDataForWorldZone encounterData[N]; //N zones in the game, N unknown Now, for each step, the game gets a random number R from a flat distribution. It then considers chances[currterrain][0] = C as a C/256 chance of getting the encounter on that step. We see if R is less than C and do the encounter if so. Otherwise C is subtracted from the random number, so the next chance C’ from chances[currterrain][1] is a C’/(256-C) chance. And so on. Generally the chances near the beginning of the game where we were testing, is, I dont know, 16-20 or so. So it’s easy to see why we get too many encounters… and why they can happen on the first step so often. My first thought was to use the old “turn it into a normal distribution” trick by changing a 1d256 roll into a 2d128. This biases more normal rolls in the middle at the expense of rolls in the tails. So we did this for a while, and it felt okay… but we weren’t testing the whole game, and I got nervous. Let’s take a simplified scenario where we have 2 encounter chances, each of value 64. Now the original way it was done, each of those would be a 64 in 256 chance (1 in 256). Well, kind of, because of how the subtraction happens in the algorithm. Anyway with two dice, there’s fewer ways of rolling the smallest 64 numbers than there are the next 64 numbers (just like there’s only one way to roll a 2 on two dice but there’s many ways to roll a 7). And yet since they’re adding up to 128, the new probability distribution is centered on 128, and the absolute probability of an encounter is still the same! All we accomplished was to bias the selection to the later encounters. This would change the character of the game in a way we don’t really have time to test and scrutinize. So my romhacker came up with a better idea to add a tiny bit of logic to only do encounter checks on every other step. This way you won’t get them on successive steps under any circumstances, and we get the other desired result of just generally fewer encounters–precisely half as many, without having to grapple with the really thorny problem of how to do it, logically speaking, without affecting the design of the game by biasing certain encounters. Actually after a little more iteration we developed an approach to run it with any divisor so that I could give another option to reduce encounters by half again (so a divisor of 4) from the emulation menu, so people would feel a bit empowered to be masters of their own destinies instead of frustrated by the fixed design. (There’s also a cheat to disable encounters entirely)

Time to stop losing. I’ve been working on a game I titled “.V4MP1R3”. It is a single player, 2D, story driven game. I do not have any combat defined at this time, but I’d like it to be open ended and strategic. [image: 1665350535069-vsc1.png] [image: 1665350540347-vsc2.png] The main inspirations are: Shadowrun (universe) Cyberpunk (universe) Shadowrun SNES (lots of gameplay/gamefeel) Shadowrun Genesis (shares a lot of the same grittiness/gamefeel) Tibia MMO (Oblique 2D perspective) Ultima VI (Oblique 2D perspective) Fallout (excessive looting) This was also made for a gamejam semi-hosted on discord and I submitted around the end of September deadline. So version 0.0.1 on windows was birthed here: https://drive.google.com/file/d/1b7FPniLAQ5r9lTYaxR9lwF-b6z_bCW01/view?usp=sharing I plan on doing another release at the end of the month to keep up momentum. Until I have a newborn to care for which is coming up really soon!!

June devlog time! During the month of June, I submitted The Mangotronics Employment Collection to Steam for review. I was finally able to get whitelisted for a Steamworks publisher account after a bunch of annoying back-and-forth, setting up a business bank account and all that fun stuff. Here’s the bulleted list of my accomplishments this month. What I Did: Got a Steam publisher account Added 3 new games to the collection (signed 2 more contracts) Did a lot of planning and re-prioritization of tasks Updated the web site & published 3 minor updates to Itch.io Integrated the Steamworks API into the existing project Added achievements and Steamcloud support Submitted to Steam for review What I Need to Do: Monitor the results of Valve’s review process Make any necessary changes and resubmit Add another game and throw feature creep out the window Marketing marketing marketing… Testing testing testing… Press the Publish button The planned release is for July 22nd, and I’m stoked! I’ll follow up to this post with details on the above accomplishments hopefully before then.

(I don’t think this theme was ever public, but the content is real!)

2 Factor! Awesome! Pulling Verge into the 21st century kicking and screaming!

Just a small update that’s 2 weeks late. My fiancee’s younger sister (there’s a biiiig age gap between them) is only 14 and an AMAZING artist. In school she’s in a program where she’s been doing some pixel art and has fallen in love with it. She’s ridiculously good at it too. Unfortunately, I don’t have any of her pixel art, but I do have a few of her pieces screenshotted. [image: art.png] I remember having a conversation with her last year about her playing with Godot a bit in school, and she was given all these links so that she could do stuff at home. But, they didn’t have a computer at home. Out of the entire family, I think she relates to me most because she loves games, loves the idea of game development, is, again, a fantastic artist especially for her age, but just never had the resources at home to pursue it outside of school hours. Well, I upgraded my computer last year, so I had some spare parts. For her birthday this year, I bought a couple of other parts and ended up building her, her very own computer. Her Mom then bought her a monitor, and now she has a nice little PC setup she can mess around with. Last night she showed me some of the stuff she was working on and it was really cool. She’s played some of my old Verge games and other projects, and was picking my brain about a game idea she had. She already has the main character designed, showed me the pixel version she created, and it looks really good. I was really blown away. Not only that, she was telling me about the style of game, ideas she had for mechanics, and we kind of brainstormed together about what it would like/how it would play, etc. It was a lot of fun…and I remember thinking at her age was probably when I first started becoming interested in game dev, so it was just all around a cool thing. She asked if I would help her make this game, if she did all the art, would I be willing to help her with programming and making it come to life. I definitely did my best to set expectations for her…game dev is hard, it takes a long time, we might not finish it (as is our way), she may lose interest, etc. etc., but that I’ve been looking for a project, and would be happy to spend some time putting stuff together for her and helping her bring a vision to life. So, hopefully for the next post I’ll have some screens to show you, because I think you’ll all be pretty impressed with her work. Now, I’m excited too.

Ninkasi Bug Fixes I spent a bit of time hacking on Ninkasi code this weekend! I got rid of one terrible idea I implemented, replaced it with something much better, fixed one crash bug, and two potential coroutine-related memory leaks! Removing One Ugly Anti-feature First order of business was to change the object-function-call stupidity I put in there forever ago. It’s an anti-feature I never should have considered. Here’s how it went: An object can have values inside of it assigned to functions, like so: function testFunc(testValue) { print("Value passed in: ", testValue, "\n"); } var ob = object(); ob["foo"] = testFunc; Previously, these functions can be called like so: ob.foo(); When called in this manner, the object itself is inserted as the first argument to the function. This is roughly equivalent to the following code: { var _temp = ob.foo; _temp(ob); } And the output of this is, predictably: Value passed in: <object:0> The problem with this is that there’s no way to distinguish between when you want the object to be inserted as the first argument to a function and when you do not. My reasoning at the time I developed this “feature” was sketchy at best, so I finally got around to cutting it out. Now there is no special case considered for calling a function directly from an object’s field using ‘.’. Now this code… function testFunc(testValue) { print("Value passed in: ", testValue, "\n"); } var ob = object(); ob["foo"] = testFunc; ob.foo(); … is a runtime error, as it should be: error: test.nks:14: Incorrect argument count for function call. Expected: 1 Found: 0 To replace this feature, because still like some aspects of it, I have stolen and repurposed C’s indirection operator. The following code acts the way ob.foo() acted before: ob->foo(); Which is equivalent to: ob.foo(ob); This gets us back to the original result: Value passed in: <object:0> But now you get to decide if you want to call a function on an object without the object itself being added in as an argument, by using the -> or the .. One Crash Bug Callable Objects First, an explanation of the feature this affected: Callable objects in Ninkasi are a little oddity I thought it would be useful to throw in. It’s sort of a halfway point to actual closures. Objects may be called as functions through the use of specially-named fields. Take the following code: var ob = newobject; ob._exec = function(foo) { print("foo: ", foo, "\n"); }; ob._data = "blah blah blah"; ob(); The output of this code is: foo: blah blah blah It’s that simple. Set an object’s _exec field to a function, set an object’s _data field to a value, and you may call the object itself as though it were a function. This code… ob(); … is equivalent to this code… ob._exec(ob._data); You can even add extra arguments after the _data one, which is inserted first: var ob = object(); ob._exec = function(foo, bar) { print("foo: ", foo, ", ", bar, "\n"); }; ob._data = "blah blah blah"; ob("whatever"); Output: foo: blah blah blah, whatever The Bug This feature does, unfortunately, involve some weird shifting-around of stack data. This part wasn’t thought out super-well, so bare with me here. The setup for the function-call operator involves pushing the function ID onto the stack, followed by all the function arguments, followed by an integer indicating the number of arguments there are. Here’s what the stack will look like for a normal 3-parameter function call, at the time the call opcode executes (with stack indices relative to the top of the stack): index | value | type ------------------------------ -6 | ... | -5 | function-ID | function -4 | arg0 | any type -3 | arg1 | any type -2 | arg2 | any type -1 | 3 | integer We have the function ID, followed by the arguments, followed by an argument count. In order for the _data field to always be first, we need the stack to look like this: index | value | type ------------------------------ -7 | ... | -6 | function-ID | function -5 | _data | any type -4 | arg0 | any type -3 | arg1 | any type -2 | arg2 | any type -1 | 4 | integer That just involves inserting the _data into the stack, shifting everything forward by 1, and adding 1 to the argument count entry. I know this is probably tickling everyone’s inefficient-VM sense, but this feature was kind of an afterthought for my personal toy language, so be nice. Anyway, our bug today was in the code to shift the stack data around. The argument count coming into the function call opcode could be larger than the stack, and it would happily underrun the bottom of the stack, leading to your usual C buffer overrun/underrun type of error. That code is also not the prettiest code in the world, leading me to think I was either tired or in a rush when I wrote it. Let’s have a look… // Make room for the _data contents on the stack. nkiVmStackPush_internal(vm); // Shift everything up the stack. for(i = argumentCount; i >= 1; i--) { vm->currentExecutionContext->stack.values[ vm->currentExecutionContext->stack.size - argumentCount - 2 + i + 1] = vm->currentExecutionContext->stack.values[ vm->currentExecutionContext->stack.size - argumentCount - 2 + i]; } Yikes. How to Setup This Bug So here’s an interesting thing: You can’t. Well, let me be more clear, you can’t if you’re using the scripting language directly. This is purely a vulnerability exposed through the binary state snapshots. I haven’t actually reverse-engineered AFL’s crash output for this one, to be entirely honest, but my thinking is that the bad executable just pushes a bad argument count onto the stack before doing a normal callable-object call. The Fix First, I know what you’re going to say. How dare I not have a system in place to protect against these kinds of overrun/underruns, when it’s so easy to check for!? That usually comes after “why the hell are you using C89 for this project when it’s absolutely prone to these kinds of errors!?” followed by a recommendation that I switch to Rust. The thing is, though, I do have a way of safely interacting with the stack. I’m just not using it here because… uh… reasons? The stoage space allocated to the stack only doubles in size when it reallocates, so, given that the stack capacity is always a power of two, it’s pretty easy to just mask off the lowest some-number-of bits for stack indices going into the array. I even store that stack mask, and use it like I actually know what I’m doing in most spots! The fix (along with some much-needed cleanup) look like this: struct NKVMStack *stack = &(vm->currentExecutionContext->stack); struct NKValue *stackValues; nkuint32_t stackSize; nkuint32_t stackMask; nkuint32_t stackSizeMinusArguments; // Make room for the _data contents on the stack. nkiVmStackPush_internal(vm); stackValues = stack->values; stackSize = stack->size; stackMask = stack->indexMask; stackSizeMinusArguments = stackSize - argumentCount - 2; // Shift everything up the stack. for(i = argumentCount; i >= 1; i--) { stackValues[(stackSizeMinusArguments + i + 1) & stackMask] = stackValues[(stackSizeMinusArguments + i) & stackMask]; } This also throws in a few extra variables to cut down on those giant globs of indirection and indexing inside the loop, potentially offering a speedup on compilers that can’t optimize out those redundant operations (not that it’s a particularly fast piece of code to begin with). Memory Leaks I’m not going to get into too much detail with this one, because it’s pretty simple. A failure during coroutine creation would make the program allocate the storage space needed for the coroutine’s execution context (including stack, program counter, etc) and then fail to set the pointer to store it, causing it to leak. The fix is just to check for those failures and clean up the mess when it does. Memory still Tracked So with this leak still have a backup system in place for these. Allocations inside the VM are actually tracked and easily cleaned up during deallocation of the VM object itself. It’s not a C memory leak, it’s just a leak of VM address space, more or less. When the VM’s address space is exhausted, it will bail out with its own internal allocation error and can still be cleaned up by the hosting application. So as far as the stability of the hosting application is concerned, and in relation to potentially hostile script code, this isn’t a “real” threat. It does suck for long-running scripts, though. Final Thoughts AFL is great. Valgrind is awesome, too. All these issues found today were through those two tools. Thinking you can write secure code without them or some equivalent to them is hubris in its purest form. The issues with coroutine setup here are definitely showing my lack of testing after writing the coroutine code. The callable object issues are something I wasn’t expecting, because that code’s been in there forever. Ninkasi may never be perfect and vulnerability-proof, but at least it got a little bit closer today, and I’m pretty happy with that.

Week 9: Not Much This week I took time off from my personal projects and basically worked a lot and focused on Path of Exile. As a part of that, I did build a small simulator that modeled the damage output of the Path of Exile bleed mechanic, but it’s not something I plan to share with the world. Here’s a screenshot: [image: 1618803550244-858077a5-1de7-4222-9fa4-a4f66d5344b8-image.png] Next Week More of the same, I predict. I’m taking a brief break from game dev. But I wanted to continue posting here so it is easier for me to transition back into active dev work.

Work has been busy this week so not much to report. I did some work on a web framework to support downloading assets, script updates, and analytics for games post launch. Unity tilemap editing isn’t going to work out… it isn’t just isn’t mature enough yet. I’m kind of shocked to find that the state of tilemap editors isn’t really that great. I assumed “2D Tilemap Editor” would have a clear and amazing winner by now. For now we’re integrating Tiled into the workflow. Cheers