ArcFS 0.75 Module
- +1A00 - SWI XOS_FSControl without setting R3=0
- 9408 - if left on the high score table (can't reproduce)
- 13454 - at "Check and mate...Game over." - D444 triggers the read at the Aborting address
- 34F90 - on the main menu
- 1BEA0 - whilst displaying the intro (can't reproduce)
- 85838 - after entering the first level
- +CBD0 in CLib when quitting
- 17E70 when quitting
- 45A6C - after skipping the intro
- +43C in CustomVDU - when starting a level
- EB10 - sometimes occurs when all characters die
Oh No! More Lemmings [RPC version] (2001) (R-Comp Interactive)
- +29C0 in MusicModule7 - when starting a level. Unset variables in voice handler
- 70848 - when the demo starts
- 70554 - when the demo starts
- +2D84 in MusicModc2000 - when loading
- +2D84 in MusicModc2000 - when loading
- 30B84 after starting. Called from D978, unset R0
- 16BB4 - when run from RAM::0.$.!wonderla
- 4E9C4 - whilst loading, if <wonderland$dir> doesn't contain at least one ":" and two "." i.e. adfs::0.$.!wonderla
- 9770 - after loading
FIXED:
3D Construction Kit
- 2F3CC/2F3D4 - randomly when firing. Bug in its CallBack handler
- +458 in Sticks when on the loading screen. Bug in code: Unset sound pointers
- +318 in all the sound Modules. Bug in code, it checks R1=0 instead of R0=0 and doesn't then skip removing the voice
- 26AC4 - starting demo mode. Bug in code 26AC0: LDRB R0,&26AA4 / LDR R0,[R0,#0] should be LDR R0,&26AA4 / LDRB R0,[R0,#0]
- 26B28 - after clicking Demo mode or Start Alerion. Game intentionally overwrites the following vectors with MOV PC, #4:
  - Undefined instruction
  - Prefetch abort
  - Data abort
  - Address exception
- 84B0 - while loading. Bug in code: 84B0 LDR R1,&846C should be ADR R1,&846C
- 16010 - Voice Generator, during loading
- 64920 - Voice Generator, during loading
- +2B78 in CoconizerPlayer module - while loading. Replaced with 26/32bit neutral version
- 931C4 - when entering a level. Bug in code: NOP'd the instruction, might not be required
- +32C in a BambuzleMusic Module - while loading. Bug in code caused by MOV R3,#0 @ 24C setting the sample pointer to 0
- Within CLib when starting/stopping/pausing music. Bug in code: Null *in pointer passed to _kernel_swi
2EAF8 MOV R1,#0 should be SUB R1,SP,#&28
2F4BC MOV R1,#0 should be SUB R1,SP,#&28
2F518 MOV R1,#0 should be SUB R1,SP,#&28
- 2CAF4 - Stacks R14 within an IRQ routine, which results in the routine randomly exiting to page zero
- 4830C - when starting a game by pressing "E". Unset pointer @ 9550
- AF24 - after dying on disk 2 levels (e.g. Tinkers Tree). Bug in code: Subroutine @ B4D8 corrupts R1 if it exits early
- CB18 - after entering disk 3 levels (e.g. Sweet Meadow). Bug in code: CAD8 checks a countdown timer, but doesn't exit if it's >0
- 800C - loading. Game intentionally replaces the Address exception hardware vector with SUBS PC, R14, #4
- 12CD0 - when killed by a green bug in Mudlark Bog. Bug in code, E168 LDMFD R13!,{PC} should be MOV PC,R14
- 13B34 - on the level selection screen. Bug in code: 1410C exits without restoring R1
- 181CC - unset variables in voice handler
- 164F0 - when starting a game ([14CB18]=0)
- F4678 - whilst in-level. Bug in code: Null reference
- F8298 - whilst in-level. Bug in code: LDRB R0,[R7,#2] should be LDRB R0,[R6,#2]
- F82A4 - whilst in-level. Bug in code: LDRB R0,[R7,#52] should be LDRB R0,[R6,#52]
- F82B0 - whilst in-level. Bug in code: LDRB R0,[R7,#6] should be LDRB R0,[R6,#6]
- F82BC - whilst in-level. Bug in code: LDRB R0,[R7,#56] should be LDRB R0,[R6,#56]
- 124040 - during loading. Bug in code: LDRB R0,[R6,#5] should be LDRB R0,[R9,#5]
- 1E1F0 - when you die. Bug in code: LDRB R2,[R0,#20] should be LDRB R2,[R1,#20]
- 1E1F8 - when you die. Bug in code: STRB R2,[R0,#20] should be STRB R2,[R1,#20]
- 16080 - when you press ALT. Bug in code: LDRB R4,[R3,#11] should be LDRB R4,[R4,#11]
- 218EC - when you place an object. Bug in code: R5 is corrupted before use, fix by restoring R5 from the stack:
218EC LDR R5,[R13, #4]
218F0 LDRB R2,[R5,#8]
218F4 TST R2,#&40
218F8 MOV R2,#&A0
218FC STRNEB R2,[R5,#&2E]
21900 MOV R2,#0
21904 STRNEB R2,[R5,#&2F]
- +A94 in Paint Module - when you exit a room. Bug in code:
A90 LDRB R4,[R4,#12] should be LDRB R5,[R4,#12]
AA0 ADD R4,R4,R10 should be ADD R5,R5,R10
AA4 CMP R4,R1 should be CMP R5,R1
- E858 - after entering a highscore. Bug in code: Null pointer
- 4C238 - after displaying the map. Bug in code: Instruction shouldn't be there
- A59C - during loading, checking the disc record. Bug in code: LDR R0,[R0,#0] should be LDR R0,[R1,#0]
- +290/+438 in Engine Module - randomly after clicking "Start" or "Demo". Bug in code: 290 CMN R5,#1 should be CMP R0,#0
- +33C - in ChopperForceIntro Module during the intro. Bug in code: Null pointer, installs Voices before setting up their sample pointers
- 965D8 - after loading. Bug in code: Null pointer
- Various null pointers. Bug in code: Relies on OS_Heap allocations being 8 byte aligned
- 15758 - Voice Generator. Bug in code: Null pointer
- 825C - while moving the cursor around on the level selection screen. Bug in code: 26BD8 BEQ &26BF8 should be BLE &26BF8
- 158B8 - whilst loading. Bug in code
- 1F968 - while loading. It's a Voice Generator trying to initiate the SCCB during Instantiation. I've raised it as a potential bug on ROOL.
- 1FE94 - while loading
- 113F8 - when it plays the track sound. Two issues:
  - Bug in code: Hardcoded to support three voice handlers, the fourth overwrites the code
  - Bug in RISCOS: The GateOn entry isn't called first, so the SCCB isn't initialised (fixed in 2.49h)
- +33C in all four sound Modules. Bug in code: 318 BL &32C should be BLNE &32C
- 915C - while loading. Null dereference in Voice handler
- 1C608 - while loading, unset variable in voice handler
- +7A8 in ExSound - while loading
- 41724 - after clicking "Play a Game". Bug in code, a CLib file function is called with an explicit Null pointer in R0 from four locations:
26900 MOV R0, #0
26904 BL &3BDD0
27A10 MOV R0, #0
27A14 BL &3BDD0
2DA44 MOV R0, #0
2DA48 BL &3BDD0
2DCEC MOV R0, #0
2DCF0 BL &3BDD0
- 149F8 - while loading. Unset variable at 201A4
- +36F0 in WindowManager - while loading. Wimp_Initialise called with R2=0
- 3F8E8 - after pressing ENTER when loaded
- 4AF04 (CODE+4728) - when entering a level. CODE+48B0 calls the sprite plot code before the sprite ptr has been set
- 1E310 - during loading. Bug in code: Null pointer
- 1DBF0 - during loading. Bug in code: Null pointer
- E7DC (+27DC in FBmc) - after displaying the main screen. E7CC MOV R0,#&35C0 is trying to read softFont from its Arthur Page Zero location. For RO3.0 thru 3.49 redirect to 3600, for RISC OS 3.5+ the JIT handles it
- D87C (+187C in FBmc) - after pressing SPACE to start a game. Bug in code, D874 MOVEQ R4,#0, followed by D87C STR R9,[R4,#0]. Fixed by changing D87C to STRGT R9,[R4,#0]
- +36F0 in WindowManager while loading Euroblaster/Joust
- +5B4 in TrackerModule
- 1F7B4 - after intro. Null dereference in Studio2+ Sound Handler
- 51124 - after selecting a team. Bug in code: 51124 LDRB R4,[R1,R0] should be LDRB R4,[R11,R0]
- 96BC - after previewing the track. Bug in code: 610BC CMP R1,#0 / BLNE &610E4 should be CMP R1,#&8000 / BLHS &610E4
- +36F4 in WindowManager / Resource.Init - during loading. Attempts "*SAVE <Wimp$Scrap> 0 0" to see if it can write to the Scrap directory
- FF4C - when colliding with a baddie. Bug in code: LDR R7,[R11,R6,LSL #2] should be LDR R7,[R1,R6,LSL #2]
- 64558 - Voice Generator, during loading
- 39E10 - Voice Generator, at the "LOADING" screen
- 39E5C - Voice Generator, at the "LOADING" screen
- +29C in Audio1 - when quitting the game
- 1B384 - while loading. Bug in code: key table read code doesn't allocate enough space to read the longest line in Resources.table
- 14260 - while loading. E9A0 BL &14238 should be BLNE &14238 (not required - knock on from 1B384 issue)
- +158 in Start module - while loading, unset variable in voice handler
- 1E268, 1E27C - while loading. 1E268 LDR R2,[R1,#4] 1E27C LDR R2,[R1,#0] ;R1=0. Bug: Null dereference
- D034 - if left on the runway after loading. Bug: Null dereference
- 16078 - if left on the runway after loading. Bug: Null dereference
- 2B8A0 - randomly when pressing keys while sat on the runway. Bug: Null dereference
- 8024, 8324, 80A8 - while loading. Poorly written code that sets all hardware vectors to 0
- 8484 - after entering your name when selecting Play
- A1260 - Voice Generator, when starting the first level
- A15C8 - Bug in code: Null pointer, when starting the first level
- 8044 SWI Wimp_LoadTemplate. 8030/8034 initialise R2/R3 to page zero
- RMA +1B78 - while loading. Bug: Null dereference in Sound code @ RMA +860, caused by MOV R3,#0 @ (!8298)+11CC setting the sample pointer to 0
- 183B8 - when quitting
- Ninjasticks +480 - Voice Generator, at the main menu. Bug in code: The sample initialization code misses the first sample. +168: ADD R1,R1,#8 should be NOP and +16C: MOV R2,#4 should be MOV R2,#5
- 1942C - when starting a new game. Bug in code: Null pointer @ 19438
- 2E3EC - while loading. Bug: Code calls the wrong SWI handle, replace with SWI OS_Byte
- +13088 in CLib - while loading. Bug: Instructions at 13FA0, 13FB0, 13FC0, 13FD0 are using the wrong offset. +4 to offset to fix
- 95524 - When it displays the "Legend of the Lost Temple" title screen after the intro. Bug in code: Null pointer
- 22870 - When you start a level. Bug in code: Null pointer
- 243B4 - When you fire and hit a monster. Bug in code: LDR R4,[R1,#4] should be LDR R4,[R11,#4]
- 24CF4 - When you fire and hit an eagle. Bug in code: LDR R4,[R1,#4] should be LDR R4,[R11,#4]
- +4754 in BASIC - on the title screen. Poorly written code: !Temple.GameDir.FrontEnd line 540 is IF ?0=1 THEN cheat%=TRUE ELSE cheat%=FALSE
- 99934 - Immediately on entering a level. Bug in code: Null pointer
- 99954 - When the first lemming drops. Bug in code: Null pointer
- +290 in SoundSystem module - while loading, unset variable in voice handler
- 69D30 - after the intro sequence. Bug in CPU detection code
- A684 - when starting a level. Bug in code: loop @ A680 doesn't check for an overrun before writing to the screen
- A1940 - Voice Generator
- A1B18 - Voice Generator
- A1CF0 - Voice Generator
- A1EC8 - Voice Generator
Two issues:
Pac-mania (1989) (Grandslam Entertainments)
- Bug in RISCOS: The GateOn entry isn't called first, so the SCCB isn't initialised (fixed in 2.49h)
- Bug in code: The initial GateOn entry values used to initialize the SCCB aren't initialized when the Voice Generators are installed
- 6FF90 - Voice Generator
- 70168 - Voice Generator
- 70340 - Voice Generator
- 70518 - Voice Generator
Two issues:
Pandora's Box
- Bug in RISCOS: The GateOn entry isn't called first, so the SCCB isn't initialised (fixed in 2.49h)
- Bug in code: The initial GateOn entry values used to initialize the SCCB aren't initialized when the Voice Generators are installed
- +9F4 in Paint Module - when you enter certain rooms. Bug in code:
9F0 LDRB R4,[R4,#27] should be LDRB R5,[R4,#27]
A00 ADD R4,R4,R10 should be ADD R5,R5,R10
A04 CMP R4,R1 should be CMP R5,R1
- 906C - as you start a game. Bug in code: Null pointer
- 91F0 - after finishing a level. Bug in code:
91E4 MOV R1,#&BF should be MOV R1,#&C2 to read the Mouse X,Y multipliers
91F0 STRB R2,[R2,#1] should be STRB R2,[R1,#1]
91F4 STRB R2,[R2,#2] should be STRB R2,[R1,#2]
- 66158 - when starting a level. Null dereference: 65D6C unset before sprite plot code is called
- 156B8 in CLibAPCS_R - while loading, passed a null pointer. Bug in code: Cursor function doesn't set R1,R2 before calling _kernel_swi
- 156B8 in CLibAPCS_R - when starting a game, passed a null pointer. Bug in code: TestIcons function doesn't set R1,R2 before calling _kernel_swi
- 1A758 after intro. Bug in code: 1A67C defaults the sample pointer to 0
- 16324 - displaying the high-score table. Bug in code: 1631C ADR R2,&163B0 should be ADR R1,&163B0
- +33C in RSSND. Bug in code: +314 CMP R1,#0 should be CMP R0,#0 and +318 BL &32C should be BLNE &32C
- 75894 - as you start a game. Bug in code: Unset value
- 681D8 - Voice Generator. Bug in code: Invalid pointer
- 68244 - Voice Generator. Bug in code: Null pointer
- 68420 - Voice Generator. Bug in code: Null pointer
- 6844C - Voice Generator. Bug in code: Null pointer
- 68478 - Voice Generator. Bug in code: Null pointer
- 684A4 - Voice Generator. Bug in code: Null pointer
- 684D0 - Voice Generator. Bug in code: Null pointer
- 684FC - Voice Generator. Bug in code: Null pointer
- 68528 - Voice Generator. Bug in code: Null pointer
- 68554 - Voice Generator. Bug in code: Null pointer
- B60CC - sound channel handler doesn't check if the channel has an active sound
- B6574 - when hit. LDMIA R2!,{R6-R11} should be LDMIA R1!,{R6-R11}
- AFC08 - when hit. Bug in code
- AFB78 - randomly when colliding. Bug: AFC28 calls routine @ B16C4, which corrupts R0
- 9328 - when you start a level. Bug in code: Null pointer
- B8EC - after inserting disc 2. Bug in code: 37514 branches to a screen copy routine, before the screen address is known
- <random address> - when quitting. 57EB0 LDMIA R13,{R0,PC} should be LDMIA R13!,{R0,PC}
- <random address> - when quitting. 62024 LDMIA R13,{R0,PC} should be LDMIA R13!,{R0,PC}
- 1E548 - shortly after entering a match. Bug in code: Null pointer
- 19C24 during loading. Bug in code: Null pointer
- 2163C in-game if keys aren't pressed and it's left to play. Bug in code: Null pointer
- 21694 in-game if keys aren't pressed and it's left to play. Bug in code: Null pointer
- 237F4 in-game if keys aren't pressed and it's left to play. Bug in code: Null pointer
- 29D64 in-game if keys aren't pressed and it's left to play. Bug in code: Null pointer
- 2A030 in-game if keys aren't pressed and it's left to play. Bug in code: Null pointer
- 2A070 in-game if keys aren't pressed and it's left to play. Bug in code: Null pointer
- 11418 - after intro sequence. Bug in code, enables TickerV code before the vars are initialized
- 6BC18 - Voice Generator
- +33C in HIT - after title screen
- +33C in HELLOWE - after title screen
- NEWMAIN - lots of references to !4288 (10C0 = VDU screen start address)
- 58F8C - when reporting an error. Bug in code: Doesn't build a stack frame before calling the os_byte subroutine:
27F4C LDMFD R11,{R4,R11,R13,R14} should be SWI OS_Byte
27F50 B &58F5C should be LDMFD R11,{R4,R11,R13,PC}
- 4EFA4 - during loading. Bug in code: Null pointer
- F6D8 - every call to the memcopy routine @ F6CC generates Page Zero accesses due to R1 corruption. As it's not obvious what R1 should be, ignore the memcopy by: F6CC MOV PC,R14
- 14AEC - every call to the memcopy routine @ 14AE0 generates Page Zero accesses due to R1 corruption. As it's not obvious what R1 should be, ignore the memcopy by: 14AE0 MOV PC,R14
- 19194..191A4 - while loading and when clicking YES to DATA disk inserted
- 5E684 - when pressing CTRL-ESC at the menu. Bug in code: Exits via R14 instead of OS_Exit
- 1F170 - after intro sequence. Bug in code: The code sequence at 11214 is following the Arthur convention for Sound_InstallVoice 0 and is expecting R0 to point to a "*** No Voice" string. On RO2+, R0 is a null pointer if no voice is installed on the channel
- 9EB4 - if left on the demo sequence. Bug in code: Null pointer
- C34C when starting a level - Null dereference