Dynamic Sprite Spawn Overflow

From ALttP Speedrunning Wiki
Revision as of 12:57, 27 August 2021 by Kan (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

The long and short of this glitch is that if all sprite slots are occupied when certain dynamic sprite spawns are called, the intended sprite will not spawn; instead, a completely different sprite will spawn. This happens because the CPU goes through all the sprite indices and overflows to $FF. Most dynamic sprite spawns take this into account, and use $FF to indicate failure; however, some sprites ignore that possibility, and continue on with the invalid index. One of these writes is to the 255th sprite's X-coordinate high byte, which doesn't exist and actually writes to the slot F sprite ID.

For a more in-depth technical break down, see this page.

Tree Warp

The talking trees in dark world can be manipulated to spawn a wallmaster, which immediately takes Link to the last entrance he used. What's slightly different is that this glitch is triggered when all but one sprite slot is filled. This is because the tree uses 3 sprite slots—one for its mouth, two for its eyes. The eyes routine assumes that if the mouth is loaded, then it's safe to load the eyes. If all sprite slots are filled when a talking tree is brought on screen, it will simply not spawn. We also only get the wall master from the first eye. The 2nd eye will have the high byte of the 1st eye's X coordinate loaded as the new sprite.

For the tree, the wallmaster comes from loading the value $90 from address $01, which was put there by UseImplicitRegIndexedLocalJumpTable again. This time, the target address for the jump was local address $9043, which is routine SpritePrep_TalkingTree.