# Basic overflow

See basic-overflow for more details.

# Entering new character using variables

Apart from the variables that can be entered normally (`ABCDEFxyM`, and `z` on some models), the symbols with codepoint 4C, 4D, 4E, 4F and 25 are considered variables too. It's possible to assign values to them with `[CALC]`, and they're mapped to some memory area that the calculator uses for other purposes.

In particular, assigning `1.0000FD2023` to variable 4D will change the first formula in the calculation history to `an` (codepoint `FD20`).

Note that a faster method is known for getting `an`, see basic-overflow.

# Exploits with `an`

`an` is similar to `r` on ES PLUS calculator that it executes some unintended piece of code. On fx-580VN X emulator, it changes the stack value depends on where the `an` is located on the stack.

For example: Pressing [=] or [CALC] [=] when there are 110 characters before the `an`, if the formula evaluates cleanly, will:

- Clear the screen
- Set the stack pointer such that: the copy of the formula to the undo buffer (using
`smart_strcpy`, this happens in linear mode when [=] is pressed) will overwrite the top of the stack — in particular the first POP PC that is affected (the one inside`smart_strcpy}`will have SP value before POP PC at`0xd522+34`. So if the formula is at least 34 bytes long the PC will be corrupted.

Note:

- The SP value is equal to the number of characters before
`an`plus a fixed offset. - Before being copied to the undo buffer, depending on the calculator model, the formula may be transformed (
`÷AB`is transformed to`÷(AB)`. ÷ and ÷R are affected) which changes the formula.**Note**: Always double-check if any parentheses are added (for example with the emulator), because there's some corner cases where it's not easy to see (for example the formula`<FE FE> ÷R 0 )`is transformed into`<FE FE> ÷R ( 0 ) )`despite`÷R 0 )`are not usually transformed) Alternatively it's possible to simply fill all of the remaining spaces (total 199 bytes), no parentheses will be added in this case.

# Number format exploit

It's possible to obtain some particular invalid number values (Number format) with variables (see the section above)