Index: sys/kern/imgact_elf.c
===================================================================
--- sys/kern/imgact_elf.c
+++ sys/kern/imgact_elf.c
@@ -1098,11 +1098,14 @@
 __elfN(freebsd_fixup)(register_t **stack_base, struct image_params *imgp)
 {
 Elf_Auxargs *args = (Elf_Auxargs *)imgp->auxargs;
+ Elf_Auxinfo argarray[AT_COUNT], *pos;
 Elf_Addr *base;
- Elf_Addr *pos;
+ Elf_Addr *auxbase;
+ int error;
 base = (Elf_Addr *)*stack_base;
- pos = base + (imgp->args->argc + imgp->args->envc + 2);
+ auxbase = base + (imgp->args->argc + 1 + imgp->args->envc + 1);
+ pos = &argarray[0];
 if (args->execfd != -1)
 AUXARGS_ENTRY(pos, AT_EXECFD, args->execfd);
@@ -1143,8 +1146,13 @@
 free(imgp->auxargs, M_TEMP);
 imgp->auxargs = NULL;
+ error = copyout(&argarray[0], auxbase, sizeof(argarray));
+ if (error != 0)
+ return (error);
+
 base--;
- suword(base, (long)imgp->args->argc);
+ if (suword(base, (long)imgp->args->argc) == -1)
+ return (EFAULT);
 *stack_base = (register_t *)base;
 return (0);
 }
Index: sys/kern/kern_exec.c
===================================================================
--- sys/kern/kern_exec.c
+++ sys/kern/kern_exec.c
@@ -691,9 +691,12 @@
 * Else stuff argument count as first item on stack
 */
 if (p->p_sysent->sv_fixup != NULL)
- (*p->p_sysent->sv_fixup)(&stack_base, imgp);
+ error = (*p->p_sysent->sv_fixup)(&stack_base, imgp);
 else
- suword(--stack_base, imgp->args->argc);
+ error = (suword(--stack_base, imgp->args->argc) == 0) ? 0 : EFAULT;
+ if (error != 0)
+ goto exec_fail_dealloc;
 if (args->fdp != NULL) {
 /* Install a brand new file descriptor table. */
Index: sys/sys/imgact_elf.h
===================================================================
--- sys/sys/imgact_elf.h
+++ sys/sys/imgact_elf.h
@@ -37,7 +37,8 @@
 #ifdef _KERNEL
-#define AUXARGS_ENTRY(pos, id, val) {suword(pos++, id); suword(pos++, val);}
+#define AUXARGS_ENTRY(pos, id, val) \
+ {(pos)->a_type = (id); (pos)++->a_un.a_val = (val);}
 struct image_params;
 struct thread;
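Review bot: `pos` now walks a fixed automatic array `argarray[AT_COUNT]` on the kernel stack, but nothing in the function bounds the sequence of `AUXARGS_ENTRY(pos, ...)` calls (which continues past the end of this hunk) against `AT_COUNT`; before this change an overrun went to the user stack, now it would overrun the kernel stack. The invariant only holds if every `AT_*` id is emitted at most once, which is not checked anywhere visible. I would pin it with `KASSERT(pos - argarray <= AT_COUNT, ("too many auxargs"));` immediately before the `copyout()` in the second hunk of this file. `__elfN(freebsd_fixup)` continues between the two hunks.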
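Review bot: `copyout(&argarray[0], auxbase, sizeof(argarray))` copies all `AT_COUNT` slots, but `argarray` is declared without an initializer in the first hunk and, as far as the visible code shows, only the slots up to the terminating entry are ever written; the remaining slots are whatever the kernel stack held and end up in the new process's address space, readable by that process. The old `suword()` loop only wrote the entries that were actually emitted, so the closest replacement is to copy only the filled prefix, `error = copyout(argarray, auxbase, (pos - argarray) * sizeof(*pos));`, or alternatively to zero `argarray` before the first `AUXARGS_ENTRY`. Either way the `-1`/`EFAULT` check on the following `suword()` is correct, just written differently from the `== 0` form used in kern_exec.c.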
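Review bot: The `else` branch encodes the failure check as a conditional expression, `error = (suword(...) == 0) ? 0 : EFAULT;`, while the same check in imgact_elf.c is written `if (suword(...) == -1) return (EFAULT);`; both are right, but one form should be used in both places, e.g. `error = suword(--stack_base, imgp->args->argc) != 0 ? EFAULT : 0;` here. The jump to `exec_fail_dealloc` presumably lands in the common cleanup path; if the old address space has already been torn down by this point, that path can only end the process, which is acceptable for an unwritable user stack but deserves a one-line comment next to the `goto`. The enclosing function starts and ends outside this hunk.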
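Review bot: The rewritten `AUXARGS_ENTRY` keeps a bare `{ ...; }` block as its body, so a use like `AUXARGS_ENTRY(...);` expands to `{ ... };` and would break under an `if`/`else` without braces; the `if (args->execfd != -1) AUXARGS_ENTRY(...)` call in imgact_elf.c works only because it has no `else`. The `(pos)++->a_un.a_val` form also leans on postfix precedence for its meaning. I would write it as `#define AUXARGS_ENTRY(pos, id, val) do { (pos)->a_type = (id); (pos)->a_un.a_val = (val); (pos)++; } while (0)`, which makes the increment explicit and is safe in any statement position.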