untrusted comment: signature from openbsd 5.8 base secret key
RWQNNZXtC/MqP/8VjKpE4C/yLtfMvtY3enjhxae87OyRoZBWvhLqpjZWDSc21uSkbzGc3KZldrK4572exq2+9jL784gvjFfiNg4=

OpenBSD 5.8 errata 23, Jul 14, 2016:

Unchecked parameters and integer overflows in the amap allocation routines
could cause malloc(9) to either not allocate enough memory, leading to memory
corruption, or to trigger a "malloc: allocation too large" panic.

Apply by doing:
    signify -Vep /etc/signify/openbsd-58-base.pub -x 023_amap.patch.sig \
	-m - | (cd /usr/src && patch -p0)

And then rebuild and install a kernel:
    cd /usr/src/sys/arch/`machine`/conf
    KK=`sysctl -n kern.osversion | cut -d# -f1`
    config $KK
    cd ../compile/$KK
    make
    make install

Index: sys/uvm/uvm_amap.c
===================================================================
RCS file: /cvs/src/sys/uvm/uvm_amap.c,v
retrieving revision 1.58
diff -u -p -r1.58 uvm_amap.c
--- sys/uvm/uvm_amap.c	23 Dec 2014 04:56:47 -0000	1.58
+++ sys/uvm/uvm_amap.c	14 Jul 2016 15:15:28 -0000
@@ -35,6 +35,7 @@
 
 #include <sys/param.h>
 #include <sys/systm.h>
+#include <sys/stdint.h>
 #include <sys/malloc.h>
 #include <sys/kernel.h>
 #include <sys/pool.h>
@@ -165,15 +166,29 @@ static inline struct vm_amap *
 amap_alloc1(int slots, int padslots, int waitf)
 {
 	struct vm_amap *amap;
-	int totalslots;
+	size_t totalslots = (size_t)slots + padslots;
 
 	amap = pool_get(&uvm_amap_pool, (waitf == M_WAITOK) ? PR_WAITOK
 	    : PR_NOWAIT);
 	if (amap == NULL)
 		return(NULL);
 
-	totalslots = malloc_roundup((slots + padslots) * MALLOC_SLOT_UNIT) /
+	/*
+	 * Make sure that totalslots * MALLOC_SLOT_UNIT is within
+	 * a size_t, AND: since malloc_roundup may round its argument
+	 * to a multiple of the PAGE_SIZE, make sure that malloc_roundup
+	 * cannot wrap totalslots * MALLOC_SLOT_UNIT to zero.
+	 */
+	if (totalslots >= (trunc_page(SIZE_MAX) / MALLOC_SLOT_UNIT))
+		return (NULL);
+
+	totalslots = malloc_roundup(totalslots * MALLOC_SLOT_UNIT) /
 	    MALLOC_SLOT_UNIT;
+	if (totalslots > INT_MAX)
+		return (NULL);
+
+	KASSERT(totalslots > 0);
+
 	amap->am_ref = 1;
 	amap->am_flags = 0;
 #ifdef UVM_AMAP_PPREF
@@ -183,7 +198,7 @@ amap_alloc1(int slots, int padslots, int
 	amap->am_nslot = slots;
 	amap->am_nused = 0;
 
-	amap->am_slots = malloc(totalslots * MALLOC_SLOT_UNIT, M_UVMAMAP,
+	amap->am_slots = mallocarray(totalslots, MALLOC_SLOT_UNIT, M_UVMAMAP,
 	    waitf);
 	if (amap->am_slots == NULL)
 		goto fail1;
@@ -210,10 +225,14 @@ struct vm_amap *
 amap_alloc(vaddr_t sz, vaddr_t padsz, int waitf)
 {
 	struct vm_amap *amap;
-	int slots, padslots;
+	size_t slots, padslots;
 
 	AMAP_B2SLOT(slots, sz);		/* load slots */
 	AMAP_B2SLOT(padslots, padsz);
+
+	/* Ensure that slots + padslots <= INT_MAX */
+	if (slots > INT_MAX || padslots > INT_MAX - slots)
+		return (NULL);
 
 	amap = amap_alloc1(slots, padslots, waitf);
 	if (amap) {