diff --git a/dlls/kernel32/heap.c b/dlls/kernel32/heap.c
index b526af0..4c63a6c 100644
--- a/dlls/kernel32/heap.c
+++ b/dlls/kernel32/heap.c
@@ -818,6 +818,12 @@ SIZE_T WINAPI GlobalSize(HGLOBAL hmem)
       RtlLockHeap(GetProcessHeap());
       pintern=HANDLE_TO_INTERN(hmem);
 
+      if (IsBadReadPtr(pintern, 1))
+      {
+         SetLastError(ERROR_INVALID_HANDLE);
+         return 0;
+      }
+
       if(pintern->Magic==MAGIC_GLOBAL_USED)
       {
          if (!pintern->Pointer) /* handle case of GlobalAlloc( ??,0) */
diff --git a/dlls/kernel32/tests/heap.c b/dlls/kernel32/tests/heap.c
old mode 100644
new mode 100755
index 34393e8..2939862
--- a/dlls/kernel32/tests/heap.c
+++ b/dlls/kernel32/tests/heap.c
@@ -197,6 +197,13 @@ START_TEST(heap)
     res = GlobalUnlock(gbl);
     ok(res == 1, "Expected 1, got %d\n", res);
 
+    /* GlobalSize on an invalid handle */
+    SetLastError(MAGIC_DEAD);
+    size = GlobalSize((HGLOBAL)0xc042);
+    ok(size == 0, "Expected 0, got %ld\n", size);
+    ok(GetLastError() == ERROR_INVALID_HANDLE,
+       "Expected ERROR_INVALID_HANDLE, got %d\n", GetLastError());
+
     /* ####################################### */
     /* Local*() functions */
     gbl = LocalAlloc(LMEM_MOVEABLE, 0);
-- 
1.4.4.2