diff --git a/ntoskrnl/include/internal/kd.h b/ntoskrnl/include/internal/kd.h
index 9bb744319a1..05179ea6d35 100644
--- a/ntoskrnl/include/internal/kd.h
+++ b/ntoskrnl/include/internal/kd.h
@@ -193,8 +193,8 @@ KdpCallGdb(
 ULONG
 NTAPI
 KdpPrintString(
-    LPSTR String,
-    ULONG Length);
+    _In_reads_bytes_(Length) PCHAR UnsafeString,
+    _In_ ULONG Length);
 
 ULONG
 NTAPI
diff --git a/ntoskrnl/kd/kdio.c b/ntoskrnl/kd/kdio.c
index 8dc3366f034..3fedfd7ca5b 100644
--- a/ntoskrnl/kd/kdio.c
+++ b/ntoskrnl/kd/kdio.c
@@ -567,14 +567,38 @@ KdpScreenInit(PKD_DISPATCH_TABLE DispatchTable,
 
 ULONG
 NTAPI
-KdpPrintString(LPSTR String,
-               ULONG Length)
+KdpPrintString(
+    _In_reads_bytes_(Length) PCHAR UnsafeString,
+    _In_ ULONG Length)
 {
     PLIST_ENTRY CurrentEntry;
     PKD_DISPATCH_TABLE CurrentTable;
+    PCHAR String;
 
     if (!KdpDebugMode.Value) return 0;
 
+    Length = min(Length, 512);
+
+    if (ExGetPreviousMode() != KernelMode)
+    {
+        _SEH2_TRY
+        {
+            ProbeForRead(UnsafeString, Length, 1);
+            String = _alloca(Length + 1);
+            RtlCopyMemory(String, UnsafeString, Length);
+            String[Length] = ANSI_NULL;
+        }
+        _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
+        {
+            return 0;
+        }
+        _SEH2_END;
+    }
+    else
+    {
+        String = UnsafeString;
+    }
+
     /* Call the registered handlers */
     CurrentEntry = KdProviders.Flink;
     while (CurrentEntry != &KdProviders)