Kernel: Add a little paranoia check on chained mipscalls.

See #13057
hrydgard · Jul 12, 2020 · e184ed3 · e184ed3
1 parent f38aa9f
commit e184ed3
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 3 deletions.
diff --git a/Core/HLE/sceKernelThread.cpp b/Core/HLE/sceKernelThread.cpp
@@ -3100,6 +3100,7 @@ static bool __CanExecuteCallbackNow(PSPThread *thread) {
 	return currentCallbackThreadID == 0 && g_inCbCount == 0;
 }
 
+// Takes ownership of afterAction.
 void __KernelCallAddress(PSPThread *thread, u32 entryPoint, PSPAction *afterAction, const u32 args[], int numargs, bool reschedAfter, SceUID cbId) {
 	if (!thread || thread->isStopped()) {
 		WARN_LOG_REPORT(SCEKERNEL, "Running mipscall on dormant thread");
@@ -3244,11 +3245,11 @@ void __KernelReturnFromMipsCall()
 	u32 retVal = currentMIPS->r[MIPS_REG_V0];
 	DEBUG_LOG(SCEKERNEL, "__KernelReturnFromMipsCall(), returned %08x", retVal);
 
-	// Should also save/restore wait state here.
-	if (call->doAfter)
-	{
+	// TODO: Should also save/restore wait state here?
+	if (call->doAfter) {
 		call->doAfter->run(*call);
 		delete call->doAfter;
+		call->doAfter = nullptr;
 	}
 
 	u32 &sp = currentMIPS->r[MIPS_REG_SP];

diff --git a/Core/HLE/sceKernelThread.h b/Core/HLE/sceKernelThread.h
@@ -219,6 +219,7 @@ int sceKernelReferCallbackStatus(SceUID cbId, u32 statusAddr);
 class PSPAction;
 
 // Not an official Callback object, just calls a mips function on the current thread.
+// Takes ownership of afterAction.
 void __KernelDirectMipsCall(u32 entryPoint, PSPAction *afterAction, u32 args[], int numargs, bool reschedAfter);
 
 void __KernelReturnFromMipsCall();  // Called as HLE function