phwl@runxtsa.runx.oz.au (Philip Leong) (12/21/89)
I have found that running nethack version 3.0h Patchlevel 6 under Xenix 2.3.2
on an 80386 will occasionally dump core due to a division by zero problem
caused by calling rnd() with 0 as the argument. I think that this problem
is due to a bug in the Xenix C compiler generating the wrong code for the
call to rnd(). In my binary, the code generated for newexplevel() is as
follows, with the bug marked:
* _newexplevel: push ebp
* _newexplevel+0x1: mov ebp,esp
* _newexplevel+0x3: sub esp,0x4
* _newexplevel+0x6: push esi
* _newexplevel+0x7: cmp _u+0x18,0x1e
* _newexplevel+0xe: jae _newexplevel+0xc6
* _newexplevel+0x14: push _u+0x18
* _newexplevel+0x1a: call near _newuexp
* _newexplevel+0x1f: add esp,0x4
* _newexplevel+0x22: cmp eax,_u+0x224
* _newexplevel+0x28: jg _newexplevel+0xc6
* _newexplevel+0x2e: inc _u+0x18
* _newexplevel+0x34: push _u+0x18
* _newexplevel+0x3a: call near _newuexp
* _newexplevel+0x3f: add esp,0x4
* _newexplevel+0x42: cmp eax,_u+0x224
* _newexplevel+0x48: jg _newexplevel+0x5e
* _newexplevel+0x4a: push _u+0x18
* _newexplevel+0x50: call near _newuexp
* _newexplevel+0x55: add esp,0x4
* _newexplevel+0x58: dec eax
* _newexplevel+0x59: mov _u+0x224,eax
* _newexplevel+0x5e: push _u+0x18
* _newexplevel+0x64: push 0x1888848
* _newexplevel+0x69: call near _pline
* _newexplevel+0x6e: add esp,0x8
* _newexplevel+0x71: call near _set_uasmon
* _newexplevel+0x76: push 0x1
* _newexplevel+0x78: call near _adjabil
* _newexplevel+0x7d: add esp,0x4
* _newexplevel+0x80: call near _newhp
* _newexplevel+0x85: mov esi,eax
* _newexplevel+0x87: add _u+0x204,esi
* _newexplevel+0x8d: add _u+0x200,esi
* _newexplevel+0x93: push 0x2
* _newexplevel+0x95: call near _acurr
* _newexplevel+0x9a: add esp,0x4
* _newexplevel+0x9d: cbw
* _newexplevel+0x9f: sub al,dl <<---!! this shouldn't be here
* _newexplevel+0xa1: sar al,1
* _newexplevel+0xa3: movsx eax,al
* _newexplevel+0xa6: inc eax
* _newexplevel+0xa7: push eax
* _newexplevel+0xa8: call near _rnd
I fixed this with a little binary patch as follows after su'ing to games in
the nethack directory:
--------------------------------------------------
$ cp nethack nethack.old
$ adb -w nethack
* newexplevel+0x9f?i
_newexplevel+0x9f: sub al,dl
* newexplevel+0x9f?w 9090
_newexplevel+0x9f: 0xc22a= 0x9090
* $q
--------------------------------------------------
Philip Leong.
ACSnet: phwl@runxtsa.oz JANET: runxtsa.oz!phwl@uk.ac.ukc
ARPA: phwl%runxtsa.oz@uunet.UU.NET CSNET: phwl@runxtsa.oz.au
UUCP: {enea,hplabs,mcvax,prlb2,uunet,ubc-vision,ukc}!munnari!runxtsa.oz!phwl
"In conclusion, I'd like to finish with the end".
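As an added illustration (not code from the post, and not NetHack's own source), the C below models what the listing shows: the expression the C source intends, acurr/2 + 1, can never reach zero, while the stray `sub al,dl` that runs before `sar al,1` can drive the argument to zero or below depending on whatever DL happened to hold, and an rnd() that checks its range fails soft instead of dividing by zero. rnd() is modelled here as one plus a remainder modulo x (an assumption about the real function); `dl_leftover`, `sar8`, `intended_arg`, `miscompiled_arg` and `first_bad_dl` are names constructed for this example.

```c
#include <stdio.h>
#include <stdlib.h>

/* Added example, not code from the post or from NetHack. rnd() is modelled
 * as "one plus a remainder modulo x" (an assumption about the real
 * function); with x == 0 the remainder is a division by zero, which is the
 * core dump the post describes. */
int rnd_unchecked(int x)
{
    return (int)(rand() % x) + 1;
}

/* Hardened variant: a non-positive range is a caller bug, so report it and
 * return a harmless value instead of dividing by zero. */
int rnd_checked(int x)
{
    if (x <= 0) {
        fprintf(stderr, "rnd(%d) attempted; returning 1\n", x);
        return 1;
    }
    return (int)(rand() % x) + 1;
}

/* 8-bit arithmetic shift right by one, i.e. what `sar al,1` computes
 * (floor division by two, so -1 stays -1). Written out explicitly because
 * `>>` on a negative value is implementation-defined in C. */
static signed char sar8(signed char v)
{
    return (signed char)(v >= 0 ? v / 2 : -((-v + 1) / 2));
}

/* The argument as the C expression intends it: attribute/2 + 1, which is
 * at least 1 for any non-negative attribute value. */
int intended_arg(signed char acurr)
{
    return (int)sar8(acurr) + 1;
}

/* The argument as the listing actually computes it: the stray `sub al,dl`
 * runs before `sar al,1`, so whatever DL happened to hold is subtracted
 * first. dl_leftover is a constructed stand-in for that unknown value; the
 * subtraction wraps at 8 bits like the real instruction. */
int miscompiled_arg(signed char acurr, unsigned char dl_leftover)
{
    unsigned char diff = (unsigned char)((unsigned char)acurr - dl_leftover); /* sub al,dl */
    signed char al = (signed char)diff;        /* two's-complement reinterpretation */
    al = sar8(al);                             /* sar al,1 */
    return (int)al + 1;                        /* movsx eax,al ; inc eax */
}

/* Scan every possible leftover DL value for a given attribute and return
 * the first one that drives the argument to zero or below, or -1 if none. */
int first_bad_dl(signed char acurr)
{
    for (int d = 0; d < 256; d++)
        if (miscompiled_arg(acurr, (unsigned char)d) <= 0)
            return d;
    return -1;
}

/* 1 if the intended expression can ever produce a non-positive argument
 * for attribute values 0..127, else 0. */
int intended_can_be_nonpositive(void)
{
    for (int a = 0; a < 128; a++)
        if (intended_arg((signed char)a) <= 0)
            return 1;
    return 0;
}

int main(void)
{
    int wis = 10;    /* constructed sample attribute value */
    printf("intended rnd() argument for attribute %d: %d\n", wis, intended_arg((signed char)wis));
    printf("first DL leftover that turns it into rnd(0): %d\n", first_bad_dl((signed char)wis));
    printf("rnd_checked(0) -> %d (no core dump)\n", rnd_checked(0));
    return 0;
}
```

Compiled with `cc -std=c99`, the program prints the intended argument for a sample attribute of 10 (6), the first DL leftover (11) that turns that same call into rnd(0), and the checked variant surviving the bad call. The defender's takeaway is the callee-side check: a computed range should be validated where the modulo happens, because the caller's arithmetic can be wrong for reasons, such as a code generator bug, that no review of the C source would reveal.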