diff --git a/ntoskrnl/include/internal/i386/ke.h b/ntoskrnl/include/internal/i386/ke.h index 81194e91e0eb9..96c8173cea470 100644 --- a/ntoskrnl/include/internal/i386/ke.h +++ b/ntoskrnl/include/internal/i386/ke.h @@ -733,6 +733,8 @@ PFX_SAVE_AREA KiGetThreadNpxArea(IN PKTHREAD Thread) { ASSERT((ULONG_PTR)Thread->InitialStack % 16 == 0); + if ((ULONG_PTR)Thread->InitialStack < sizeof(FX_SAVE_AREA)) + return NULL; return (PFX_SAVE_AREA)((ULONG_PTR)Thread->InitialStack - sizeof(FX_SAVE_AREA)); } diff --git a/ntoskrnl/ke/i386/cpu.c b/ntoskrnl/ke/i386/cpu.c index 3146bcf995b8a..0524757d39c18 100644 --- a/ntoskrnl/ke/i386/cpu.c +++ b/ntoskrnl/ke/i386/cpu.c @@ -1283,7 +1283,8 @@ KiFlushNPXState(IN PFLOATING_SAVE_AREA SaveArea) { /* Get the FX frame and store the state there */ FxSaveArea = KiGetThreadNpxArea(NpxThread); - Ke386FxSave(FxSaveArea); + if (FxSaveArea) + Ke386FxSave(FxSaveArea); /* NPX thread has lost its state */ NpxThread->NpxState = NPX_STATE_NOT_LOADED; @@ -1291,7 +1292,8 @@ KiFlushNPXState(IN PFLOATING_SAVE_AREA SaveArea) /* Now load NPX state from the NPX area */ FxSaveArea = KiGetThreadNpxArea(Thread); - Ke386FxStore(FxSaveArea); + if (FxSaveArea) + Ke386FxStore(FxSaveArea); } else { @@ -1308,7 +1310,7 @@ KiFlushNPXState(IN PFLOATING_SAVE_AREA SaveArea) Thread->NpxState = NPX_STATE_NOT_LOADED; /* Save state if supported by CPU */ - if (KeI386FxsrPresent) Ke386FxSave(FxSaveArea); + if (KeI386FxsrPresent && FxSaveArea) Ke386FxSave(FxSaveArea); } /* Now save the FN state wherever it was requested */ @@ -1447,13 +1449,15 @@ KeSaveFloatingPointState( { /* Get the FX frame */ FxSaveAreaFrame = KiGetThreadNpxArea(CurrentPrcb->NpxThread); + if (FxSaveAreaFrame) + { + /* Save the FPU state */ + Ke386SaveFpuState(FxSaveAreaFrame); - /* Save the FPU state */ - Ke386SaveFpuState(FxSaveAreaFrame); - - /* NPX thread has lost its state */ - CurrentPrcb->NpxThread->NpxState = NPX_STATE_NOT_LOADED; - FxSaveAreaFrame->NpxSavedCpu = 0; + /* NPX thread has lost its state */ + CurrentPrcb->NpxThread->NpxState = NPX_STATE_NOT_LOADED; + FxSaveAreaFrame->NpxSavedCpu = 0; + } } /* The new NPX thread is the current thread */ diff --git a/ntoskrnl/ke/i386/traphdlr.c b/ntoskrnl/ke/i386/traphdlr.c index db25cfc066109..852a70c6ffe66 100644 --- a/ntoskrnl/ke/i386/traphdlr.c +++ b/ntoskrnl/ke/i386/traphdlr.c @@ -760,7 +760,8 @@ KiTrap07Handler(IN PKTRAP_FRAME TrapFrame) NpxSaveArea = KiGetThreadNpxArea(NpxThread); /* Save FPU state */ - Ke386SaveFpuState(NpxSaveArea); + if (NpxSaveArea) + Ke386SaveFpuState(NpxSaveArea); /* Update NPX state */ NpxThread->NpxState = NPX_STATE_NOT_LOADED;