From 0160b544ea71a41b778b6fcc60bafa8053115dc3 Mon Sep 17 00:00:00 2001
From: Toni Wilen <twilen@winuae.net>
Date: Sun, 2 Dec 2018 14:59:25 +0200
Subject: [PATCH] Store mmu030_state[1] in temporary variable because stack
 frame writing can modify it if SP is unaligned.

---
 cpummu30.cpp | 3 ++-
 newcpu.cpp   | 2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/cpummu30.cpp b/cpummu30.cpp
index 94fd28be..d56c9fc3 100644
--- a/cpummu30.cpp
+++ b/cpummu30.cpp
@@ -1777,8 +1777,9 @@ void mmu030_page_fault(uaecptr addr, bool read, int flags, uae_u32 fc)
 	regs.mmu_ssw |= read ? MMU030_SSW_RW : 0;
 	regs.mmu_ssw |= flags;
 	regs.mmu_ssw |= fc;
-	// store in wb3_data because stack frame creation may modify data buffer.
+	// temporary store in 68040+ variables because stack frame creation may modify them.
 	regs.wb3_data = mmu030_data_buffer_out;
+	regs.wb2_address = mmu030_state[1];
     bBusErrorReadWrite = read; 
 	mm030_stageb_address = addr;
 
diff --git a/newcpu.cpp b/newcpu.cpp
index 82246f94..d2f5ca7c 100644
--- a/newcpu.cpp
+++ b/newcpu.cpp
@@ -3235,7 +3235,7 @@ static void Exception_build_stack_frame (uae_u32 oldpc, uae_u32 currpc, uae_u32
 			m68k_areg (regs, 7) -= 2;
 			x_put_word (m68k_areg (regs, 7), mmu030_state[2]);
 			m68k_areg (regs, 7) -= 2;
-			x_put_word (m68k_areg (regs, 7), mmu030_state[1]);
+			x_put_word (m68k_areg(regs, 7), regs.wb2_address); // = mmu030_state[1]
 			m68k_areg (regs, 7) -= 2;
 			x_put_word (m68k_areg (regs, 7), mmu030_state[0]);
 			// data input buffer = fault address
-- 
2.47.3