350800 And Its Relatives

Note: This article, somewhat edited for brevity, originally appeared in the Transactor, Vol. 6, No. 1 and is written by Elizabeth Deal in the Bits and Pieces column on pages 5-6.

-Todd

350800 And Its Relatives

The "350800 poison number" mentioned in the BITS and PIECES of the Vol. 5, Issue 5 Transactor is indeed a member of a class of neat numbers with high byte 137 (in fixed point format). This is due to a little bug in the PET, VIC and the C64 computers, as well as the APPLE. The bug does NOT exist in the RADIO SHACK computers, nor in the Commodore's B-128, Plus 4 and C-16. (Note: at the time the letter appeared, the C128 just came out, and of course, did not have this bug. -Todd)

Tracking the story down can be fun, and shows that the culprit is an intended error-exit from the routine that converts numeric characters in the BASIC text to a fixed point number. This routine is used for many things, one of them being BASIC line number entry. If you follow the PET code (below), beginning where it says 'START HERE', you'll see that when a number's high byte exceeds hex $19 (25 decimal) the intent is to abort. But ... the PET code jumps into the middle of the ON routine. Now when, and only when, your entered number has a high byte of 137 (hex $89) we fall into the trap. We pull an item off the stack and crash on trying to execute the code. By now, the action-address has been mangled. In the upgrade PET, we end up in zero page, $C8 being the remaining byte on the stack. Good fun.

[paragraph deleted]

;perform ON
c853 20 78 d6 jsr $d678
c856 48       pha
c857 c9 8d    cmp #$8d  ;gosub token?
c859 f0 04    beq $c85f

c85b c9 89    cmp #$89  ;goto? ... a trap into which we fall.

c85d d0 91    bne $c710
c85f c6 62    dec $62
c861 d0 04    bne $c867
c863 68       pla       ;<-herein lies the stack problem.
c864 4c 02 c7 jmp $c702 ;dispatch command/rts
;
c867 20 70 00 jsr $0070
c86a 20 73 c8 jsr $c873
c86d c9 2c    cmp #$2c
c86f f0 ee    beq $c85f
c871 68       pla
c872 60       rts
;
;--->START HERE - get fixed point number
c873 a2 00    ldx #$00
c875 86 11    stx $11
c877 86 12    stx $12
;big loop - do while characters are numeric
c879 b0 f7    bcs $c872 ;all done - exit
c87b e9 2f    sbc #$2f
c87d 85 03    sta $03
c87f a5 12    lda $12
c881 85 1f    sta $1f
c883 c9 19    cmp #$19  ;is the number over 63999?
c885 b0 d4    bcs $c85b ;yup...get out (into the trap!)**
c887 a5 11    lda $11
;...etc - multiply by 10 routine
c8a7 20 70 00 jsr $0070 ;chrget - from basic text
c8aa 4c 79 c8 jmp $c879 ;and loop back.

[paragraph deleted]

[disassembly deleted]

Obviously, this is copyrighted by the Transactor.

Contributed by Todd S. Elliott (eyeth@erols.com)

Marko Mäkelä