Fuzzing NtGdiDdDDICreateDCFromMemory with ROCALL causes BSoD



Entered debugger on last-chance exception (Exception Code: 0xc0000005) (Page Fault)

Memory at 0x7FFFFFFF could not be accessed

kdb:> bt

Eip:

<win32k.sys:20fa0 (win32ss/reactx/ntddraw/d3dkmt.c:45 (NtGdiDdDDICreateDCFromMemory))>

Frames:

<ntoskrnl.exe:3fe5 (:0 (KiSystemCallTrampoline))>

<ntoskrnl.exe:14e739 (ntoskrnl/ke/i386/traphdlr.c:1840 (KiSystemServiceHandler))>

<ntoskrnl.exe:3e2f (:0 (KiFastCallEntry))>

<ntdll.dll:10181>

<ROCALL_checked.exe:1203>

<kernel32.dll:1c97b>

kdb:> cont*** Fatal System Error: 0x0000001e

                       (0xC0000005,0xF9488FA0,0xF8E5DC54,0x00000000)

Entered debugger on embedded INT3 at 0x0008:0x8058B77B.

kdb:> bt

Eip:

<ntoskrnl.exe:18b77c (home/runner/work/reactos/reactos/build/../src/sdk/lib/rtl/i386/debug_asm.S:56 (RtlpBreakWithStatusInstruction))>

Frames:

<ntoskrnl.exe:8c329 (ntoskrnl/ke/bug.c:1066 (KeBugCheckWithTf))>

<ntoskrnl.exe:8c893 (ntoskrnl/ke/bug.c:1413 (KeBugCheckEx))>

<ntoskrnl.exe:1487f0 (ntoskrnl/ke/i386/exp.c:888 (KiDispatchException))>

<ntoskrnl.exe:148c1e (ntoskrnl/ke/i386/exp.c:1081 (KiDispatchExceptionFromTrapFrame))>

<ntoskrnl.exe:14da65 (ntoskrnl/include/internal/i386/ke.h:759 (KiTrap0EHandler))>

<ntoskrnl.exe:36ae (:0 (KiTrap0E))>

<win32k.sys:20f9b (win32ss/reactx/ntddraw/d3dkmt.c:16 (NtGdiDdDDICreateDCFromMemory))>

<ntoskrnl.exe:3fe5 (:0 (KiSystemCallTrampoline))>

<ntoskrnl.exe:14e739 (ntoskrnl/ke/i386/traphdlr.c:1840 (KiSystemServiceHandler))>

<ntoskrnl.exe:3e2f (:0 (KiFastCallEntry))>

<ntdll.dll:10181>

<ROCALL_checked.exe:1203>

<kernel32.dll:1c97b>

kdb:>