Page zero access bugs

Discuss ADFFS development and download test releases
Locked
JonAbbott
Posts: 2938
Joined: Thu Apr 11, 2013 12:13 pm
Location: Essex
Contact:

Page zero access bugs

Post by JonAbbott »

NOT FIXED:

ArcFS 0.75 Module
  • +1A00 - SWI XOS_FSControl without setting R3=0
Ballarena
  • 9408 - if left on the high score table (can't reproduce)
Battle Chess
  • 13454 - at "Check and mate...Game over." - D444 triggers the read at the Aborting address
The Chaos Engine
  • 34F90 - on the main menu
Chequered Flag [RO3 version]
  • 1BEA0 - whilst displaying the intro (can't reproduce)
The Cobalt Seed
  • 85838 - after entering the first level
Corruption
  • +CBD0 in CLib when quitting
The Crystal Maze
  • 17E70 when quitting
Dune II - Battle for Arrakis
  • 45A6C - after skipping the intro
Formula Two Thousand
  • 1F7B4 - after intro. Null dereference in Studio2+ Sound Handler
  • 51124 - after selecting a team. Bug in code: 51124 LDRB R4,[R1,R0] should be LDRB R4,[R11,R0]
  • 96BC - after previewing the track. Bug in code: 610BC CMP R1,#0 / BLNE &610E4 should be CMP R1,#&8000 / BLHS &610E4
Hamsters
  • +43C in CustomVDU - when starting a level
Heimdall
  • EB10 - sometimes occurs when all characters die
SimCity 2000 [A5000 version]
  • +2D84 in MusicModc2000 - when loading
SimCity 2000 [RPC version]
  • +2D84 in MusicModc2000 - when loading
Waterloo
  • 30B84 after starting. Called from D978, unset R0
Wonderland
  • 16BB4 - when run from RAM::0.$.!wonderla
  • 4E9C4 - whilst loading, if <wonderland$dir> doesn't contain at least one : and two . ie adfs::0.$.!wonderla
X-Fire
  • 9770 - after loading



FIXED:

3D Construction Kit
  • 2F3CC/2F3D4 - randomly when firing. Bug in its CallBack handler
Air Supremacy
  • +458 in Sticks when on the loading screen. Bug in code: Unset sound pointers
Alien Invasion
  • +318 in all the sound Modules. Bug in code, it checks R1=0 instead of R0=0 and doesn't then skip removing the voice
Alerion
  • 26AC4 - starting demo mode. Bug in code 26AC0: LDRB R0,&26AA4 / LDR R0,[R0,#0] should be LDR R0,&26AA4 / LDRB R0,[R0,#0]
  • 26B28 - after clicking Demo mode or Start Alerion. Game intentionally overwrites the following vectors with MOV PC, #4:
    • Undefined instruction
    • Prefetch abort
    • Data abort
    • Address exception
Alone In the Dark
  • 84B0 - while loading. Bug in code: 84B0 LDR R1,&846C should be ADR R1,&846C
Arc/A3000 Christmas Box, The: Zap the red wierdos from Mars
  • 16010 - Voice Generator, during loading
Arc/A3000 Christmas Box, The: PON! in Winterland
  • 64920 - Voice Generator, during loading
Arcturus
  • +2B78 in CoconizerPlayer module - while loading. Replaced with 26/32bit neutral version
  • 931C4 - when entering a level. Bug in code: NOP'd the instruction, might not be required
Bambuzle
  • +32C in a BambuzleMusic Module - while loading. Bug in code caused by MOV R3,#0 @ 24C setting the sample pointer to 0
Birds of War
  • Within CLib when starting/stopping/pausing music. Bug in code: Null *in pointer passed to _kernel_swi
    2EAF8 MOV R1,#0 should be SUB R1,SP,#&28
    2F4BC MOV R1,#0 should be SUB R1,SP,#&28
    2F518 MOV R1,#0 should be SUB R1,SP,#&28
BlastOn (Eterna and UCS releases)
  • 2CAF4 - Stacks R14 within an IRQ routine, which results in the routine randomly exiting to page zero
Bloodlust
  • 4830C - when starting a game by pressing "E". Unset pointer @ 9550
Boogie Buggy
  • AF24 - after dying on disk 2 levels (eg Tinkers Tree). Bug in code: Subroutine @ B4D8 corrupts R1 if it exits early
  • CB18 - after entering disk 3 levels (eg Sweet Meadow). Bug in code: CAD8 checks a countdown timer, but doesn't exit if its >0
  • 800C - loading. Game intentionally replaces the Address exception hardware vector with SUBS PC, R14, #4
  • 12CD0 - when killed by a green bug in Mudlark Bog. Bug in code, E168 LDMFD R13!,{PC} should be MOV PC,R14
  • 13B34 - on the level selection screen. Bug in code: 1410C exits without restoring R1
Brutal Horse Power
  • 181CC - unset variables in voice handler
Bubble Impact
  • 164F0 - when starting a game ([14CB18]=0)
Cannon Fodder
  • F4678 - whilst in-level. Bug in code: Null reference
  • F8298 - whilst in-level. Bug in code: LDRB R0,[R7,#2] should be LDRB R0,[R6,#2]
  • F82A4 - whilst in-level. Bug in code: LDRB R0,[R7,#52] should be LDRB R0,[R6,#52]
  • F82B0 - whilst in-level. Bug in code: LDRB R0,[R7,#6] should be LDRB R0,[R6,#6]
  • F82BC - whilst in-level. Bug in code: LDRB R0,[R7,#56] should be LDRB R0,[R6,#56]
  • 124040 - during loading. Bug in code: LDRB R0,[R6,#5] should be LDRB R0,[R9,#5]
Carnage Inc
  • 1E1F0 - when you die. Bug in code: LDRB R2,[R0,#20] should be LDRB R2,[R1,#20]
  • 1E1F8 - when you die. Bug in code: STRB R2,[R0,#20] should be STRB R2,[R1,#20]
  • 16080 - when you press ALT. Bug in code: LDRB R4,[R3,#11] should be LDRB R4,[R4,#11]
  • 218EC - when you place an object. Bug in code: R5 is corrupted before use, fix by restoring R5 from the stack:
    218EC LDR R5,[R13, #4]
    218F0 LDRB R2,[R5,#8]
    218F4 TST R2,#&40
    218F8 MOV R2,#&A0
    218FC STRNEB R2,[R5,#&2E]
    21900 MOV R2,#0
    21904 STRNEB R2,[R5,#&2F]
  • +A94 in Paint Module - when you exit a room. Bug in code:
    A90 LDRB R4,[R4,#12] should be LDRB R5,[R4,#12]
    AA0 ADD R4,R4,R10 should be ADD R5,R5,R10
    AA4 CMP R4,R1 should be CMP R5,R1
Cataclysm
  • E858 - after entering a highscore. Bug in code: Null pointer
Caverns
  • 4C238 - after displaying the map. Bug in code: Instruction shouldn't be there
Chequered Flag [RO2 version]
  • A59C - during loading, checking the disc record. Bug in code: LDR R0,[R0,#0] should be LDR R0,[R1,#0]
Chequered Flag [RO3 version]
  • +290/+438 in Engine Module - randomly after clicking "Start" or "Demo". Bug in code: 290 CMN R5,#1 should be CMP R0,#0
Chopper Force
  • +33C - in ChopperForceIntro Module during the intro. Bug in code: Null pointer, installs Voices before setting up their sample pointers
  • 965D8 - after loading. Bug in code: Null pointer
The Cobalt Seed
  • Various null pointers. Bug in code: Relies on OS_Heap allocations being 8 byte aligned
  • 15758 - Voice Generator. Bug in code: Null pointer
Command Ship
  • 825C - while moving the cursor around on the level selection screen. Bug in code: 26BD8 BEQ &26BF8 should be BLE &26BF8
  • 158B8 - whilst loading. Bug in code
  • 1F968 - while loading. It's a Voice Generator trying to initiate the SCCB during Instantiation. I've raised it as a potential bug on ROOL.
  • 1FE94 - while loading
Conqueror
  • 113F8 - when it plays the track sound. Two issues:
    1. Bug in code: Hardcoded to support three voice handlers, the fourth overwrites the code
    2. Bug in RISCOS: The GateOn entry isn't called first, so the SCCB isn't initialised (fixed in 2.49h)
Confusion
  • +33C in all four sound Modules. Bug in code: 318 BL &32C should be BLNE &32C
Cycloids
  • 915C - while loading. Null dereference in Voice handler
Deadline
  • 1C608 - while loading, unset variable in voice handler
Demon's Lair [SA version] / The Dungeon
  • +7A8 in ExSound - while loading
Dune II - Battle for Arrakis
  • 41724 - after clicking "Play a Game". Bug in code, a CLib file function is called with an explicit Null pointer in R0 from four locations:
    26900 MOV R0, #0
    26904 BL &3BDD0
    27A10 MOV R0, #0
    27A14 BL &3BDD0
    2DA44 MOV R0, #0
    2DA48 BL &3BDD0
    2DCEC MOV R0, #0
    2DCF0 BL &3BDD0
E-Type II
  • 149F8 - while loading. Unset variable at 201A4
Emotions - Search for Humanity
  • +36F0 in WindowManager - while loading. Wimp_Initialise called with R2=0
Empire Soccer 94
  • 3F8E8 - after pressing ENTER when loaded
The Exotic Adventures of Sylvia Layne
  • 4AF04 (CODE+4728) - when entering a level. CODE+48B0 calls the sprite plot code before the sprite ptr has been set
Fire & Ice
  • 1E310 - during loading. Bug in code: Null pointer
  • 1DBF0 - during loading. Bug in code: Null pointer
Fireball
  • E7DC (+27DC in FBmc) - after displaying the main screen. E7CC MOV R0,#&35C0 is trying to read softFont from its Arthur Page Zero location. For RO3.0 thru 3.49 redirect to 3600, for RISC OS 3.5+ the JIT handles it
  • D87C (+187C in FBmc) - after pressing SPACE to start a game. Bug in code, D874 MOVEQ R4,#0, followed by D87C STR R9,[R4,#0]. Fixed by changing D87C to STRGT R9,[R4,#0]
Flying High
  • +36F0 in WindowManager while loading Euroblaster/Joust
Formula Fun
  • +5B4 in TrackerModule
Frak!
  • +36F4 in WindowManager / Resource.Init - during loading. Attempts "*SAVE <Wimp$Scrap> 0 0" to see if it can write to the Scrap directory
F.R.E.D.
  • FF4C - when colliding with a baddie. Bug in code: LDR R7,[R11,R6,LSL #2] should be LDR R7,[R1,R6,LSL #2]
Games Minipack Five: PON!
  • 64558 - Voice Generator, during loading
Gods
  • 39E10 - Voice Generator, at the "LOADING" screen
Gods [RPC version]
  • 39E5C - Voice Generator, at the "LOADING" screen
Guile
  • +29C in Audio1 - when quitting the game
High Risc Racing
  • 1B384 - while loading. Bug in code: key table read code doesn't allocate enough space to read the longest line in Resources.table
  • 14260 - while loading. E9A0 BL &14238 should be BLNE &14238 (not required - knock on from 1B384 issue)
Humanoids & Robotix: Robotix
  • +158 in Start module - while loading, unset variable in voice handler
Interdictor
  • 1E268, 1E27C - while loading. 1E268 LDR R2,[R1,#4] 1E27C LDR R2,[R1,#0] ;R1=0. Bug: Null dereference
  • D034 - if left on the runway after loading. Bug: Null dereference
  • 16078 - if left on the runway after loading. Bug: Null dereference
  • 2B8A0 - randomly when pressing keys while sat on the runway. Bug: Null dereference
James Pond II
  • 8024, 8324, 80A8 - while loading. Poorly written code that sets all hardware vectors to 0
James Pond Underwater Agent and Running Water
  • 8484 - after entering your name when selecting Play
Kaptain Konflict
  • A1260 - Voice Generator, when starting the first level
  • A15C8 - Bug in code: Null pointer, when starting the first level
K.V.
  • 8044 SWI Wimp_LoadTemplate. 8030/8034 initialise R2/R3 to page zero
  • RMA +1B78 - while loading. Buf: Null dereference in Sound code @ RMA +860, caused by MOV R3,#0 @ (!8298)+11CC setting the sample pointer to 0
The Last Days of Doom & Hezarin
  • 183B8 - when quitting
The Last Ninja
  • Ninjasticks +480 - Voice Generator, at the main menu. Bug in code: The sample initialization code misses the first sample +168: ADD R1,R1,#8 should be NOP and +16C: MOV R2,#4 should be MOV R2,#5
  • 1942C - when starting a new game. Bug in code: Null pointer @ 19438
Leeds United
  • 2E3EC - while loading. Bug: Code calls the wrong SWI handle, replace with SWI OS_Byte
  • +13088 in CLib - while loading. Bug: Instructions at 13FA0, 13FB0, 13FC0, 13FD0 are using the wrong offset. +4 to offset to fix
The Legend of the Lost Temple
  • 95524 - When it displays the "Legend of the Lost Temple" title screen after the intro. Bug in code: Null pointer
  • 22870 - When you start a level. Bug in code: Null pointer
  • 243B4 - When you fire and hit a monster. Bug in code: LDR R4,[R1,#4] should be LDR R4,[R11,#4]
  • 24CF4 - When you fire and hit an eagle. Bug in code: LDR R4,[R1,#4] should be LDR R4,[R11,#4]
  • +4754 in BASIC - on the title screen. Poorly written code: !Temple.GameDir.FrontEnd line 540 is IF ?0=1 THEN cheat%=TRUE ELSE cheat%=FALSE
Lemmings 2
  • 99934 - Immediately on entering a level. Bug in code: Null pointer
  • 99954 - When the first lemming drops. Bug in code: Null pointer
Man at Arms
  • +290 in SoundSystem module - while loading, unset variable in voice handler
Manchester United Europe
  • 69D30 - after the intro sequence. Bug in CPU detection code
Overload (Clares)
  • A684 - when starting a level. Bug in code: loop @ A680 doesn't check for an overrun before writing to the screen
Pac-mania (F10447)
  • A1940 - Voice Generator
  • A1B18 - Voice Generator
  • A1CF0 - Voice Generator
  • A1EC8 - Voice Generator
Two issues:
  1. Bug in RISCOS: The GateOn entry isn't called first, so the SCCB isn't initialised (fixed in 2.49h)
  2. Bug in code: The initial GateOn entry values used to initialize the SCCB aren't initialized when the Voice Generators are installed
Pac-mania (F10507)
  • 6FF90 - Voice Generator
  • 70168 - Voice Generator
  • 70340 - Voice Generator
  • 70518 - Voice Generator
Two issues:
  1. Bug in RISCOS: The GateOn entry isn't called first, so the SCCB isn't initialised (fixed in 2.49h)
  2. Bug in code: The initial GateOn entry values used to initialize the SCCB aren't initialized when the Voice Generators are installed
Pandora's Box
  • +9F4 in Paint Module - when you enter certain rooms. Bug in code:
    9F0 LDRB R4,[R4,#27] should be LDRB R5,[R4,#27]
    A00 ADD R4,R4,R10 should be ADD R5,R5,R10
    A04 CMP R4,R1 should be CMP R5,R1
Paradroid 2000
  • 906C - as you start a game. Bug in code: Null pointer
Pesky Muskrats
  • 91F0 - after finishing a level. Bug in code:
    91E4 MOV R1,#&BF should be MOV R1,#&C2 to read the Mouse X,Y multipliers
    91F0 STRB R2,[R2,#1] should be STRB R2,[R1,#1]
    91F4 STRB R2,[R2,#2] should be STRB R2,[R1,#2]
Pushy
  • 66158 - when starting a level. Null dereference: 65D6C unset before sprite plot code is called
Put It!
  • 156B8 in CLibAPCS_R - while loading, passed a null pointer. Bug in code: Cursor function doesn't set R1,R2 before calling _kernel_swi
  • 156B8 in CLibAPCS_R - when starting a game, passed a null pointer. Bug in code: TestIcons function doesn't set R1,R2 before calling _kernel_swi
Quark
  • 1A758 after intro. Bug in code: 1A67C defaults the sample pointer to 0
  • 16324 - displaying the high-score table. Bug in code: 1631C ADR R2,&163B0 should be ADR R1,&163B0
RedShift
  • +33C in RSSND. Bug in code: +314 CMP R1,#0 should be CMP R0,#0 and +318 BL &32C should be BLNE &32C
Rick Dangerous
  • 75894 - as you start a game. Bug in code: Unset value
Rockfall
  • 681D8 - Voice Generator. Bug in code: Invalid pointer
  • 68244 - Voice Generator. Bug in code: Null pointer
  • 68420 - Voice Generator. Bug in code: Null pointer
  • 6844C - Voice Generator. Bug in code: Null pointer
  • 68478 - Voice Generator. Bug in code: Null pointer
  • 684A4 - Voice Generator. Bug in code: Null pointer
  • 684D0 - Voice Generator. Bug in code: Null pointer
  • 684FC - Voice Generator. Bug in code: Null pointer
  • 68528 - Voice Generator. Bug in code: Null pointer
  • 68554 - Voice Generator. Bug in code: Null pointer
Software 42 Collection: Raw Power
  • B60CC - sound channel handler doesn't check if the channel has an active sound
  • B6574 - when hit. LDMIA R2!,{R6-R11} should be LDMIA R1!,{R6-R11}
  • AFC08 - when hit. Bug in code
  • AFB78 - randomly when colliding. Bug: AFC28 calls routine @ B16C4, which corrupts R0
Rotor
  • 9328 - when you start a level. Bug in code: Null pointer
Sensible Soccer
  • B8EC - after inserting disc 2. Bug in code: 37514 branches to a screen copy routine, before the screen address is known
SimCity 2000 [A5000 version]
  • <random address> - when quitting. 57EB0 LDMIA R13,{R0,PC} should be LDMIA R13!,{R0,PC}
SimCity 2000 [RPC version]
  • <random address> - when quitting. 62024 LDMIA R13,{R0,PC} should be LDMIA R13!,{R0,PC}
SpeedBall 2
  • 1E548 - shortly after entering a match. Bug in code: Null pointer
S.W.I.V (original and BUZZ versions)
  • 19C24 during loading. Bug in code: Null pointer
  • 2163C in-game if keys aren't pressed and its left to play. Bug in code: Null pointer
  • 21694 in-game if keys aren't pressed and its left to play. Bug in code: Null pointer
  • 237F4 in-game if keys aren't pressed and its left to play. Bug in code: Null pointer
  • 29D64 in-game if keys aren't pressed and its left to play. Bug in code: Null pointer
  • 2A030 in-game if keys aren't pressed and its left to play. Bug in code: Null pointer
  • 2A070 in-game if keys aren't pressed and its left to play. Bug in code: Null pointer
Wolfenstein 3D
  • 11418 - after intro sequence. Bug in code, enables TickerV code before the vars are initialized
Warlocks
  • 6BC18 - Voice Generator
White Magic
  • +33C in HIT - after title screen
White Magic 2
  • +33C in HELLOWE - after title screen
Wizard Apprentice
  • NEWMAIN - lots of references to !4288 (10C0 = VDU screen start address)
Wonderland
  • 58F8C - when reporting an error. Bug in code: Doesn't build a stack frame before calling the os_byte subroutine:
    27F4C LDMFD R11,{R4,R11,R13,R14} should be SWI OS_Byte
    27F50 B &58F5C should be LDMFD R11,{R4,R11,R13,PC}
  • 4EFA4 - during loading. Bug in code: Null pointer
WorldScape 0.91
  • F6D8 - every call to the memcopy routine @ F6CC generates Page Zero accesses due to R1 corruption. As its not obvious what R1 should be, ignore the memcopy by: F6CC MOV PC,R14
WorldScape 1.00
  • 14AEC - every call to the memcopy routine @ 14AE0 generates Page Zero accesses due to R1 corruption. As its not obvious what R1 should be, ignore the memcopy by: 14AE0 MOV PC,R14
  • 19194..191A4 - while loading and when clicking YES to DATA disk inserted
Xenon 2: Megablast
  • 5E684 - when pressing CTRL-ESC at the menu. Bug in code: Exits via R14 instead of OS_Exit
X-Fire
  • 1F170 - after intro sequence. Bug in code: The code sequence at 11214 is following the Arthur convention for Sound_InstallVoice 0 and is expecting R0 to point to a "*** No Voice" string. On RO2+, R0 is a null pointer if no voice is installed on the channel
  • 9EB4 - if left on the demo sequence. Bug in code: Null pointer
Zodiac - Aries: Square Route
  • C34C when starting a level - Null dereference
Locked