github JRickey/BattleShip v1.3

6 hours ago

Headline

No new features this time, just cleanup. This is also Fable's (Mythos) first few commits on the repository, with a full codebase audit. Got a lot done Android-wise, along with a nice fix for older generated BattleShip.o2r files causing issues when updating the game. This one is pretty heavy, and it's fun to read through some of these commits. Full tally below. For the near future, I'd like to focus dev time on a nice big new feature.

Fable's Bug Fixes:

libultraship

  • Metal heap overflow (critical, macOS): DrawTriangles had no bounds
    check on the per-frame vertex pool — draw-heavy frames silently wrote past
    a 4.9 MB buffer. Now guarded (drops the draw + logs).
  • Metal GPU leak: one MTLDepthStencilState leaked per depth-mode change
    (constant churn in this game). Released properly.
  • Crash on texture-replacement miss: all 12 ImportTexture* paths
    dereferenced mMaskedTextures.find()->second unguarded. Guarded helper.
  • WASAPI use-after-free (Windows): device-change callback never
    unregistered; Windows could call into a destroyed audio player.
  • Texture cache perf: hash used only the address; bump-heap address
    reuse degraded lookups toward linear scans. Now hashes all key fields.

Port layer

  • Coroutine stacks get mmap PROT_NONE guard pages (macOS/Linux/Android):
    stack overflow is now an immediate diagnosable SIGSEGV instead of silent
    heap corruption. Plus destroy-while-running guards (POSIX UAF / Win32
    thread-kill) and thread_local current-coroutine pointers.
  • Crash handler hardening: the frame-pointer walk now probes memory
    readability (write-to-/dev/null EFAULT trick) before dereferencing — a
    corrupt chain used to re-fault with the signal blocked → silent SIGKILL,
    no log.
  • POSIX shell quoting in first-run extraction ($/backticks in paths),
    save-file padding failure handling, realloc-OOM in the reloc pointer
    table, halfswap-range dedup on the per-joint hot path, deleted a dead
    root os.cpp that duplicated pre-bugfix controller code.
  • Windows updater anchored to the install dir (was CWD — broken for
    Start-Menu launches) + download-URL validation.
  • Audio bridge: ADPCM book field validation (heap overrun on corrupt
    CTL data), per-player BGM buffer allocation.
  • GUI/hires: operator-precedence bug in dump dedup, racy CRC table
    init, ImGui menu empty-vector/null-tooltip crashes, int-overflow guard
    in CSS asset conversion.
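
As an added illustration of two of the port-layer fixes above (guard pages under coroutine stacks, and probing memory before the crash handler dereferences it), here is example code written for these notes, not code from libultraship or the BattleShip port. It maps a stack with a PROT_NONE page beneath it and checks readability by letting a kernel copy report EFAULT; the sink is a pipe rather than /dev/null, since on Linux a write to /dev/null returns without reading the buffer.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <sys/mman.h>
#include <unistd.h>

typedef struct {
    void *mapping;      /* whole mmap region; the PROT_NONE guard page comes first */
    size_t mapping_len; /* guard page + usable stack */
    void *stack_lo;     /* lowest usable byte, just above the guard page */
    void *stack_hi;     /* one past the highest usable byte (initial SP) */
} coro_stack_t;

/* Map guard + stack as one region, then strip all permissions from the lowest
   page. Stacks grow down, so an overflow hits the guard page and faults at
   once instead of silently corrupting whatever heap happens to sit below. */
int coro_stack_alloc(coro_stack_t *s, size_t usable) {
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    usable = (usable + page - 1) / page * page;   /* round up to whole pages */
    size_t len = usable + page;
    void *m = mmap(NULL, len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (m == MAP_FAILED) return -1;
    if (mprotect(m, page, PROT_NONE) != 0) { munmap(m, len); return -1; }
    s->mapping = m;
    s->mapping_len = len;
    s->stack_lo = (char *)m + page;
    s->stack_hi = (char *)m + len;
    return 0;
}

void coro_stack_free(coro_stack_t *s) {
    if (s->mapping) munmap(s->mapping, s->mapping_len);
    s->mapping = NULL;
}

/* Crash-handler style readability probe: the kernel copies one byte from p
   instead of us dereferencing it. Returns 1 if readable, 0 on EFAULT, -1
   otherwise. Sink is a pipe (assumption: Linux /dev/null never reads the buffer). */
int probe_readable(const void *p) {
    int fds[2];
    if (pipe(fds) != 0) return -1;
    ssize_t n = write(fds[1], p, 1);
    int rc = (n == 1) ? 1 : (errno == EFAULT ? 0 : -1);
    close(fds[0]);
    close(fds[1]);
    return rc;
}
```

A frame-pointer walk would call probe_readable on each saved frame pointer before following it, so a corrupt chain ends with a logged "unreadable frame" rather than a second fault inside the handler.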

Android

  • Use-after-free across Activity relaunch: touch-overlay virtual
    joystick statics survived SDL_Quit; first touch after relaunch hit a
    freed handle. Now reset in PortShutdown.
  • 64 MB leak: Torch's Companion singleton (holding the whole ROM)
    leaked into the game process after extraction. Freed.
  • density|fontScale added to configChanges (multi-window density change
    was recreating the Activity mid-frame), ACTION_CANCEL stuck-stick fix,
    InputManager-listener + menu-poller lifecycle leaks fixed, staged ROM
    actually deleted post-extraction, display bounds queried instead of
    hardcoded 1080p.

And one nice little fix from GPT 5.5

  • [codex] Fix Android ultrawide relaunch support by @JRickey in #226

Full Changelog: v1.2...v1.3
