Skip to content

Implement bulletsync validation checks across various components#4989

Open
QueryOfficial wants to merge 1 commit into
multitheftauto:masterfrom
QueryOfficial:fix/weapon-bulletsync-validation
Open

Implement bulletsync validation checks across various components#4989
QueryOfficial wants to merge 1 commit into
multitheftauto:masterfrom
QueryOfficial:fix/weapon-bulletsync-validation

Conversation

@QueryOfficial

@QueryOfficial QueryOfficial commented Jun 30, 2026

Copy link
Copy Markdown

Summary

Adds server-side bullet sync + weapon aim validation to stop forged or flooded bullet-sync packets from being relayed before main-thread checks run.

  • Shared validation in SyncBulletsyncValidation.h — geometry (origin, segment, impact), damage fields, NaN/Inf, degenerate segments
  • CBulletsyncPacket, CSimBulletsyncPacket, CCustomWeaponBulletSyncPacket use shared helpers for consistent checks
  • CGame::Packet_Bulletsync / Packet_WeaponBulletsync validate before onPlayerWeaponFire and relay
  • CSimPlayerManager::HandleBulletSync runs the same validation + rate limit before sim broadcast (fixes early relay crash)
  • CPlayer::TryAcceptBulletsync() — max 25 bullet-sync packets / second per player
  • Weapon aim validation on puresync/keysync (main + sim thread) to block origin ≈ target crashes
  • Client defense-in-depth: CNetAPI::ReadBulletsync, CClientPed::SetTargetTarget
  • Docs: Server/mods/deathmatch/README.weapon-sync-guard.md

No netcode protocol changes.


Motivation

Cheats hook client SendBulletSync and can:

  • send many bullet-sync packets per physical shot (DamageDividier loops)
  • forge start/end vectors (non-finite, extreme trajectories, wall-shot muzzle offsets)
  • crash remote clients before onPlayerWeaponFire fires on the server

Root cause: the sim thread relayed PACKET_ID_PLAYER_BULLETSYNC before main-thread validation. Invalid packets reached nearby clients even when CBulletsyncPacket::Read() later rejected them.

This fix validates geometry and damage on both paths and drops packets before apply/relay. Rate limiting catches multi-packet spam per shot.


Test plan

Build this branch, use 2+ clients on a private test server.

Normal gameplay

  • Fire common weapons (pistol, SMG, sniper) at players/objects — hits, damage, and onPlayerWeaponFire behave as before
  • Shoot from vehicle and on foot — no false rejects at normal ranges
  • Remote player aim/animation looks correct for nearby observers

Attack regression (requires bullet-sync cheat / test hook)

  • Multi-packet spam: Single shot sending 10+ bullet-sync packets → nearby clients not crashed; excess dropped (25/s limit)
  • Forged trajectory: Wall-shot / extreme origin offset → packet rejected; no bogus hit on victim
  • Sim relay path: Shooter and victim near each other → invalid packets not relayed early by sim thread
  • onPlayerWeaponFire: Event fires only for accepted packets; no crash-before-event regression

Expected results

  • Cheat bullet-sync spam / forged geometry → blocked on main + sim thread; no remote crash
  • Normal weapon fire → unchanged
  • onPlayerWeaponFire only for valid, rate-limited packets
  • Non-finite or degenerate aim vectors → rejected without client crash

Checklist

  • Your code should follow the coding guidelines.
  • Smaller pull requests are easier to review. If your pull request is beefy, your pull request should be reviewable commit-by-commit.

- Added validation for bullet sync geometry and damage in CNetAPI, CGame, and CPlayer classes to prevent invalid bullet sync packets.
- Introduced a method in CPlayer to limit the rate of accepted bulletsync packets, enhancing anti-cheat measures.
- Updated packet reading methods in CBulletsyncPacket and related classes to utilize new validation functions for improved integrity checks.
- Refactored existing checks to leverage the new SyncBulletsyncValidation class for consistency and maintainability.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant