diff --git a/winsup/cygwin/ChangeLog b/winsup/cygwin/ChangeLog
index ccb4a8212..a886bf189 100644
--- a/winsup/cygwin/ChangeLog
+++ b/winsup/cygwin/ChangeLog
@@ -1,3 +1,11 @@
+2001-10-20  Christopher Faylor  <cgf@redhat.com>
+
+	* miscfuncs.cc (+__check_invalid_read_ptr_errno): New function.
+	* syscalls.c (_write): Validate that write buffer is accessible for
+	reading, not writing.
+	* winsup.h: Declare new function, increase regparmization of check_*
+	functions.
+
 2001-10-19  Corinna Vinschen  <corinna@vinschen.de>
 
 	* path.cc (getcwd): Allow len == 0 when buf == NULL.
diff --git a/winsup/cygwin/miscfuncs.cc b/winsup/cygwin/miscfuncs.cc
index c5d46fbf0..63b05d975 100644
--- a/winsup/cygwin/miscfuncs.cc
+++ b/winsup/cygwin/miscfuncs.cc
@@ -153,3 +153,12 @@ __check_null_invalid_struct_errno (const void *s, unsigned sz)
     set_errno (__err);
   return __err;
 }
+
+int __stdcall
+__check_invalid_read_ptr_errno (const void *s, unsigned sz)
+{
+  if (!s || IsBadReadPtr ((void *) s, sz))
+    set_errno (EFAULT);
+
+  return 0;
+}
diff --git a/winsup/cygwin/syscalls.cc b/winsup/cygwin/syscalls.cc
index 70d66dd59..1fa7c37ee 100644
--- a/winsup/cygwin/syscalls.cc
+++ b/winsup/cygwin/syscalls.cc
@@ -344,7 +344,7 @@ _read (int fd, void *ptr, size_t len)
 extern "C" ssize_t
 _write (int fd, const void *ptr, size_t len)
 {
-  if (__check_null_invalid_struct_errno (ptr, len))
+  if (__check_invalid_read_ptr_errno (ptr, len))
     return -1;
 
   int res = -1;
diff --git a/winsup/cygwin/winsup.h b/winsup/cygwin/winsup.h
index f244891b6..3fbe9d32f 100644
--- a/winsup/cygwin/winsup.h
+++ b/winsup/cygwin/winsup.h
@@ -191,8 +191,9 @@ void set_console_handler ();
 
 int __stdcall check_null_empty_str (const char *name) __attribute__ ((regparm(1)));
 int __stdcall check_null_empty_str_errno (const char *name) __attribute__ ((regparm(1)));
-int __stdcall __check_null_invalid_struct (const void *s, unsigned sz) __attribute__ ((regparm(1)));
-int __stdcall __check_null_invalid_struct_errno (const void *s, unsigned sz) __attribute__ ((regparm(1)));
+int __stdcall __check_null_invalid_struct (const void *s, unsigned sz) __attribute__ ((regparm(2)));
+int __stdcall __check_null_invalid_struct_errno (const void *s, unsigned sz) __attribute__ ((regparm(2)));
+int __stdcall __check_invalid_read_ptr_errno (const void *s, unsigned sz) __attribute__ ((regparm(2)));
 
 #define check_null_invalid_struct(s) \
   __check_null_invalid ((s), sizeof (*(s)))