From bffcaf32187d1695b3e14a86a2871414a4f6b6ed Mon Sep 17 00:00:00 2001
From: Lioncash
Date: Wed, 30 May 2018 10:39:24 -0400
Subject: [PATCH] JitArm64_BackPatch: Correct usage of an invalidated iterator after a std::map erase() call in HandleFastmemFault()

Given the iterator gets invalidated within the erase() call, just keep a temporary around to store the pointer address.
---
 .../Core/PowerPC/JitArm64/JitArm64_BackPatch.cpp | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/Source/Core/Core/PowerPC/JitArm64/JitArm64_BackPatch.cpp b/Source/Core/Core/PowerPC/JitArm64/JitArm64_BackPatch.cpp
index ebfd207115..3d02c96316 100644
--- a/Source/Core/Core/PowerPC/JitArm64/JitArm64_BackPatch.cpp
+++ b/Source/Core/Core/PowerPC/JitArm64/JitArm64_BackPatch.cpp
@@ -3,6 +3,7 @@
 // Refer to the license.txt file included.
 #include 
+#include 
 #include 
 #include "Common/BitSet.h"
@@ -306,21 +307,24 @@ bool JitArm64::HandleFastmemFault(uintptr_t access_address, SContext* ctx)
 if (slow_handler_iter == m_fault_to_handler.end())
 return false;
+ const u8* fault_location = slow_handler_iter->first;
+ const u32 fastmem_area_length = slow_handler_iter->second.length;
+
 // no overlapping fastmem area found
- if ((const u8*)ctx->CTX_PC - slow_handler_iter->first > slow_handler_iter->second.length)
+ if ((const u8*)ctx->CTX_PC - fault_location > fastmem_area_length)
 return false;
- ARM64XEmitter emitter((u8*)slow_handler_iter->first);
+ ARM64XEmitter emitter((u8*)fault_location);
 emitter.BL(slow_handler_iter->second.slowmem_code);
- u32 num_insts_max = slow_handler_iter->second.length / 4 - 1;
+ const u32 num_insts_max = fastmem_area_length / 4 - 1;
 for (u32 i = 0; i < num_insts_max; ++i)
 emitter.HINT(HINT_NOP);
 m_fault_to_handler.erase(slow_handler_iter);
 emitter.FlushIcache();
- ctx->CTX_PC = (u64)slow_handler_iter->first;
+ ctx->CTX_PC = reinterpret_cast(fault_location);
 return true;
 }
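Review bot: The rewritten guard `if ((const u8*)ctx->CTX_PC - fault_location > fastmem_area_length)` still admits a PC that sits exactly `fastmem_area_length` bytes past `fault_location`, which is the first byte after the region if `length` is its byte size; if so the comparison should be `>=`, and because the lookup that produced `slow_handler_iter` lies above the hunk, whether the difference can ever be negative cannot be judged from here. `const u32 num_insts_max = fastmem_area_length / 4 - 1;` wraps to a very large count when `length` is below 4, and the NOP loop would then write through `emitter` well past the fastmem area into executable code, so an early return or debug assertion on the minimum length belongs before the loop unless the registration site already guarantees it. As a point of style, the added `ARM64XEmitter emitter((u8*)fault_location);` strips `const` with a C-style cast in the same hunk that switches the final assignment to `reinterpret_cast`; `const_cast<u8*>(fault_location)` makes that intent explicit. HandleFastmemFault begins outside the hunk.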