Index: amd64/machdep.c
===================================================================
RCS file: /cvsroot/src/sys/arch/amd64/amd64/machdep.c,v
retrieving revision 1.182
diff -p -r1.182 machdep.c
*** amd64/machdep.c 29 Apr 2012 21:54:51 -0000 1.182
--- amd64/machdep.c 29 Apr 2012 22:23:41 -0000
*************** sendsig_siginfo(const ksiginfo_t *ksi, c
*** 711,716 ****
--- 711,726 ----
/* Remember that we're now on the signal stack. */
if (onstack)
l->l_sigstk.ss_flags |= SS_ONSTACK;
+
+ if ((vaddr_t)catcher >= VM_MAXUSER_ADDRESS) {
+ /*
+ * Process has given an invalid address for the handler.
+ * Stop it, but do not do it before so we can return the
+ * right info to userland (or in core dump).
+ */
+ sigexit(l, SIGILL);
+ /* NOTREACHED */
+ }
}

struct pcb dumppcb;
Index: amd64/netbsd32_machdep.c
===================================================================
RCS file: /cvsroot/src/sys/arch/amd64/amd64/netbsd32_machdep.c,v
retrieving revision 1.75
diff -p -r1.75 netbsd32_machdep.c
*** amd64/netbsd32_machdep.c 19 Feb 2012 21:06:01 -0000 1.75
--- amd64/netbsd32_machdep.c 29 Apr 2012 22:23:41 -0000
*************** netbsd32_sendsig_sigcontext(const ksigin
*** 279,284 ****
--- 279,294 ----
/* Remember that we're now on the signal stack. */
if (onstack)
l->l_sigstk.ss_flags |= SS_ONSTACK;
+
+ if ((vaddr_t)catcher >= VM_MAXUSER_ADDRESS32) {
+ /*
+ * Process has given an invalid address for the handler.
+ * Stop it, but do not do it before so we can return the
+ * right info to userland (or in core dump).
+ */
+ sigexit(l, SIGILL);
+ /* NOTREACHED */
+ }
}
#endif

*************** netbsd32_sendsig_siginfo(const ksiginfo_
*** 367,372 ****
--- 377,392 ----
/* Remember that we're now on the signal stack. */
if (onstack)
l->l_sigstk.ss_flags |= SS_ONSTACK;
+
+ if ((vaddr_t)catcher >= VM_MAXUSER_ADDRESS32) {
+ /*
+ * Process has given an invalid address for the handler.
+ * Stop it, but do not do it before so we can return the
+ * right info to userland (or in core dump).
+ */
+ sigexit(l, SIGILL);
+ /* NOTREACHED */
+ }
}

void
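Review bot: The comment inside the added `if ((vaddr_t)catcher >= VM_MAXUSER_ADDRESS32)` block in netbsd32_sendsig_siginfo does not say why a handler address at or above the user limit has to be fatal, and its phrase `do not do it before` has no referent inside the hunk. Presumably the intent is that the thread must never resume at an address outside user space, and that the check sits after the frame setup so the exit status and core dump describe the signal being delivered; the function body starts outside the hunk, so that ordering cannot be confirmed from here. I would open the comment with `/* Handler address is outside the user address space: never return to it. */` and then give the ordering reason in one sentence. The identical block is also added to sendsig_siginfo in machdep.c (with `VM_MAXUSER_ADDRESS`) and to netbsd32_sendsig_sigcontext; since only the limit differs, a small shared helper taking the limit would keep the check and its explanation in one place.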