From 57e1f47a52983ac0999b75c8aeb41c7a6228e04e Mon Sep 17 00:00:00 2001 From: Weiyi Wang Date: Sun, 4 Nov 2018 04:24:37 -0500 Subject: [PATCH] Kernel: destruct thread/timer managers after processes (#4399) Processes can keep some Thread/Timer object alive while the manager is already destructed, resulting use-after-free in Thread::Stop and Timer::dtor. To resolve this, the manager objects should be destructed after all related object destructed. Fixes a bug where quiting citra causes crash while the game is using a Timer. --- src/core/hle/kernel/kernel.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/core/hle/kernel/kernel.h b/src/core/hle/kernel/kernel.h index f010cd388d..f09fd99b2d 100644 --- a/src/core/hle/kernel/kernel.h +++ b/src/core/hle/kernel/kernel.h @@ -228,6 +228,9 @@ private: std::unique_ptr resource_limits; std::atomic next_object_id{0}; + std::unique_ptr thread_manager; + std::unique_ptr timer_manager; + // TODO(Subv): Start the process ids from 10 for now, as lower PIDs are // reserved for low-level services u32 next_process_id = 10; @@ -237,9 +240,6 @@ private: SharedPtr current_process; - std::unique_ptr thread_manager; - std::unique_ptr timer_manager; - std::unique_ptr config_mem_handler; std::unique_ptr shared_page_handler; };