Skip to content

Replay hallucination via uint8_t response length overflow #3114

Description

@purerosefallen

Summary

A replay response length overflow can cause replay hallucination.

Replay response lengths are stored as uint8_t, but the server may record client response payloads larger than 255 bytes. When this happens, the stored length overflows/truncates to one byte.

For example:

  • a response length of 260 is stored as 4
  • a response length of 512 is stored as 0

The replay reader then consumes only the truncated length for the current response, while the remaining bytes stay in the replay response stream and may be interpreted as future responses.

Actual Behavior

A modified client can send an oversized response whose leading bytes are accepted by the duel core.

The live duel may continue normally, but the replay records:

  • a truncated uint8_t response length
  • the full oversized response payload

During playback, the replay may consume the extra bytes as later responses. This can create a replay hallucination: the replay appears to show actions or choices that did not actually happen in the live duel.

Expected Behavior

Replay response length must not overflow or truncate.

The server should never write a response payload whose length cannot be represented correctly by the replay format. Replay playback should faithfully represent the actual accepted duel flow, with no extra client-supplied trailing bytes becoming future responses.

Impact

This is a replay integrity issue.

A malicious modified client may be able to inject additional replay response data by abusing uint8_t length overflow. In tournament or ranked environments, this can make replay evidence unreliable.

In the worst case, a replay may remain playable but hallucinate a different duel sequence, such as showing a player making choices or mistakes that they did not make during the actual duel.

Suggested Fix

The server should prevent uint8_t replay response length overflow.

Possible fixes include:

  • Reject CTOS_RESPONSE payloads larger than 255 bytes.
  • Clamp recorded response payloads to the canonical response size for the current prompt.
  • Record only normalized accepted response bytes.
  • Avoid writing oversized raw client response data into replay files.

The key requirement is that replay response length and replay response payload size must always match exactly.

Metadata

Metadata

Assignees

No one assigned

    Labels

    securitySecurity issues.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions