--- np2/i386c/ia32/ctrlxfer.c	2012/02/05 06:31:44	1.25
+++ np2/i386c/ia32/ctrlxfer.c	2012/06/18 14:30:27	1.27
@@ -646,7 +646,7 @@ CALLfar_pm_call_gate_more_privilege(cons
 	} else {
 		stacksize += param_count * 2;
 	}
-	cpu_stack_push_check(ss_sel.idx, &ss_sel.desc, new_esp, stacksize);
+	cpu_stack_push_check(ss_sel.idx, &ss_sel.desc, new_esp, stacksize, ss_sel.desc.d);
 
 	if (callgate_sel->desc.type == CPU_SYSDESC_TYPE_CALL_32) {
 		/* dump param */
@@ -1364,10 +1364,6 @@ IRET_pm_return_to_vm86(UINT16 new_cs, UI
 	}
 	SS_POP_CHECK(sp, 36);
 
-	if (new_ip > 0xffff) {
-		EXCEPTION(GP_EXCEPTION, 0);
-	}
-
 	new_sp = cpu_vmemoryread_d(CPU_SS_INDEX, sp + 12);
 	segsel[CPU_SS_INDEX] = cpu_vmemoryread_w(CPU_SS_INDEX, sp + 16);
 	segsel[CPU_ES_INDEX] = cpu_vmemoryread_w(CPU_SS_INDEX, sp + 20);
@@ -1381,7 +1377,7 @@ IRET_pm_return_to_vm86(UINT16 new_cs, UI
 	}
 
 	CPU_ESP = new_sp;
-	CPU_EIP = new_ip;
+	CPU_EIP = new_ip & 0xffff;
 
 	/* to VM86 mode */
 	set_eflags(new_flags, IOPL_FLAG|I_FLAG|VM_FLAG|RF_FLAG);