[RTL] Protect pointer validity check in RtlFreeHeap with SEH.

Fixes crash in kernel32_winetest:heap.

sdk/lib/rtl/heap.c

@@ -2180,16 +2180,12 @@ BOOLEAN NTAPI RtlFreeHeap(
     if (RtlpHeapIsSpecial(Flags))
         return RtlDebugFreeHeap(Heap, Flags, Ptr);
 
-    /* Lock if necessary */
-    if (!(Flags & HEAP_NO_SERIALIZE))
-    {
-        RtlEnterHeapLock(Heap->LockVariable, TRUE);
-        Locked = TRUE;
-    }
-
     /* Get pointer to the heap entry */
     HeapEntry = (PHEAP_ENTRY)Ptr - 1;
 
+    /* Protect with SEH in case the pointer is not valid */
+    _SEH2_TRY
+    {
         /* Check this entry, fail if it's invalid */
         if (!(HeapEntry->Flags & HEAP_ENTRY_BUSY) ||
             (((ULONG_PTR)Ptr & 0x7) != 0) ||
@@ -2198,10 +2194,22 @@ BOOLEAN NTAPI RtlFreeHeap(
             /* This is an invalid block */
             DPRINT1("HEAP: Trying to free an invalid address %p!\n", Ptr);
             RtlSetLastWin32ErrorAndNtStatusFromNtStatus(STATUS_INVALID_PARAMETER);
+            _SEH2_YIELD(return FALSE);
+        }
+    }
+    _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
+    {
+        /* The pointer was invalid */
+        DPRINT1("HEAP: Trying to free an invalid address %p!\n", Ptr);
+        RtlSetLastWin32ErrorAndNtStatusFromNtStatus(STATUS_INVALID_PARAMETER);
+        _SEH2_YIELD(return FALSE);
+    }
 
-        /* Release the heap lock */
+    /* Lock if necessary */
-        if (Locked) RtlLeaveHeapLock(Heap->LockVariable);
+    if (!(Flags & HEAP_NO_SERIALIZE))
-        return FALSE;
+    {
+        RtlEnterHeapLock(Heap->LockVariable, TRUE);
+        Locked = TRUE;
     }
 
     if (HeapEntry->Flags & HEAP_ENTRY_VIRTUAL_ALLOC)