Index: loader/ldt_keeper.c
===================================================================
--- loader/ldt_keeper.c	(revision 30526)
+++ loader/ldt_keeper.c	(working copy)
@@ -271,6 +271,9 @@
 	    printf("Couldn't install fs segment, expect segfault\n");
 	}
     }
+#elif defined(__OS2__)
+    /* convert flat addr to sel idx for LDT_SEL() */
+    fs_ldt = (uintptr_t)fs_seg >> 16;
 #endif

     Setup_FS_Segment();
Index: loader/module.c
===================================================================
--- loader/module.c	(revision 30526)
+++ loader/module.c	(working copy)
@@ -744,6 +744,52 @@

 #ifdef EMU_QTX_API

+#ifdef __OS2__
+uint32_t _System DosQueryMem(void *, uint32_t *, uint32_t *);
+#endif
+
+static int is_invalid_ptr(void *p)
+{
+#ifdef __OS2__
+    uint32_t cb = 1;
+    uint32_t fl;
+
+    if(DosQueryMem(p, &cb, &fl))
+        return 1;
+
+#ifdef DEBUG_QTX_API
+    printf("addr = %p, cb = %d, fl = %08X : ", p, cb, fl);
+    if(fl & 0x10)
+        printf("COMMIT ");
+    if(fl & 0x2000 )
+        printf("SHARED ");
+    if(fl & 0x4000)
+        printf("FREE ");
+    if(fl & 0x10000)
+        printf("BASE ");
+    if(fl & 0x01)
+        printf("READ ");
+    if(fl & 0x02)
+        printf("WRITE ");
+    if(fl & 0x04)
+        printf("EXEC ");
+    if(fl & 0x08)
+        printf("GUARD ");
+    printf("\n");
+#endif
+
+    // Occasionally, ptr with 'EXEC' attr is passed.
+    // On OS/2, however, malloc() never sets 'EXEC' attr.
+    // So ptr with 'EXEC' attr is invalid.
+    if(fl & 0x04)
+        return 1;
+
+    return 0;
+#else
+    return (uint32_t)p >= 0x60000000;
+#endif
+}
+
 static uint32_t ret_array[4096];
 static int ret_i=0;

@@ -758,6 +804,7 @@
   int plen=-1;
   // find the code:

+#ifndef __OS2__
   dptr=0x62b67ae0;dptr+=2*((reg->eax>>16)&255);
 //  printf("FUNC: flag=%d ptr=%p\n",dptr[0],dptr[1]);
   if(dptr[0]&255){
@@ -792,6 +839,7 @@
 	  pwrapper=dptr[1];
       }
   }
+#endif

   for(i=0;qt_fv_list[i].name;i++){
           if(qt_fv_list[i].id==reg->eax){
@@ -844,10 +892,10 @@
 #endif
       return 1;
   case 0x15002f: //DisposePtr
-      if(((uint32_t *)stack_base)[1]>=0x60000000)
+      if(is_invalid_ptr(((void **)stack_base)[1]))
           printf("WARNING! Invalid Ptr handle!\n");
       else
-          free((void *)((uint32_t *)stack_base)[1]);
+          free(((void **)stack_base)[1]);
       reg->eax=0;
 #ifdef DEBUG_QTX_API
       printf("%*sLEAVE(%d): EMULATED! 0x%X\n",ret_i*2,"",ret_i, reg->eax);