--- np2/i386c/ia32/exception.c	2011/12/20 01:17:30	1.26
+++ np2/i386c/ia32/exception.c	2011/12/21 16:27:10	1.29
@@ -380,6 +380,12 @@ interrupt_task_gate(const descriptor_t *
 	if (errorp) {
 		XPUSH0(error_code);
 	}
+
+	/* out of range */
+	if (CPU_EIP > CPU_STAT_CS_LIMIT) {
+		VERBOSE(("interrupt: new_ip is out of range. new_ip = %08x, limit = %08x", CPU_EIP, CPU_STAT_CS_LIMIT));
+		EXCEPTION(GP_EXCEPTION, 0);
+	}
 }
 
 static void
@@ -424,7 +430,7 @@ interrupt_intr_or_trap(const descriptor_
 		break;
 	}
 
-	exc_errcode = cs_sel.idx;
+	exc_errcode = gsdp->u.gate.selector & ~3;
 	if (intrtype == INTR_TYPE_EXTINTR)
 		exc_errcode++;
 
@@ -578,7 +584,7 @@ interrupt_intr_or_trap(const descriptor_
 			EXCEPTION(GP_EXCEPTION, exc_errcode);
 		}
 		if (!SEG_IS_CONFORMING_CODE(&cs_sel.desc) && (cs_sel.desc.dpl != CPU_STAT_CPL)) {
-			VERBOSE(("interrupt: %sCONFORMING-CODE-SEGMENT(%s) && DPL[CS](%d) != CPL", SEG_IS_CONFORMING_CODE(&cs_sel.desc) ? "" : "NON-", cs_sel.desc.dpl, CPU_STAT_CPL));
+			VERBOSE(("interrupt: %sCONFORMING-CODE-SEGMENT(%d) && DPL[CS](%d) != CPL", SEG_IS_CONFORMING_CODE(&cs_sel.desc) ? "" : "NON-", cs_sel.desc.dpl, CPU_STAT_CPL));
 			EXCEPTION(GP_EXCEPTION, exc_errcode);
 		}