My favourite quote from this series of blog posts:
> One thing to note about this instruction [FX1E] is that it will quite happily let you sail off into the uncharted waters of memory beyond the on-board 4K, because it will only wrap when the offset takes the address beyond 65535. The Chip-8 programmer must ensure it contains a meaningful value.
This behaviour doesn't matter much on a COSMAC VIP, but on modern emulators it presents an opportunity for OOB accesses, and you'd be amazed how many independent implementations stumbled across this same bug. I wrote about exploiting one of them (to achieve an emulator escape) here https://www.da.vidbuchanan.co.uk/blog/bggp3.html
> One thing to note about this instruction [FX1E] is that it will quite happily let you sail off into the uncharted waters of memory beyond the on-board 4K, because it will only wrap when the offset takes the address beyond 65535. The Chip-8 programmer must ensure it contains a meaningful value.
https://www.laurencescotford.net/2020/07/19/chip-8-on-the-co...
This behaviour doesn't matter much on a COSMAC VIP, but on modern emulators it presents an opportunity for OOB accesses, and you'd be amazed how many independent implementations stumbled across this same bug. I wrote about exploiting one of them (to achieve an emulator escape) here https://www.da.vidbuchanan.co.uk/blog/bggp3.html