untrusted comment: signature from openbsd 6.3 base secret key
RWRxzbLwAd76ZZBeqzF1vh4CouAvIzvp2RSW3v/pWTvkZOZaIeVs539CfqUQhqCszn9KhaZYsTdDOafW9nYj9pYkHIoX+tpriQg=

OpenBSD 6.3 errata 012, July 25, 2018:

A regular user could trigger a kernel panic by executing an invalid
ELF binary.

Apply by doing:
    signify -Vep /etc/signify/openbsd-63-base.pub -x 012_execsize.patch.sig \
        -m - | (cd /usr/src && patch -p0)

And then rebuild and install the kernel:
    KK=`sysctl -n kern.osversion | cut -d# -f1`
    cd /usr/src/sys/arch/`machine`/compile/$KK
    make obj
    make config
    make
    make install

Index: sys/kern/exec_elf.c
===================================================================
RCS file: /cvs/src/sys/kern/exec_elf.c,v
retrieving revision 1.142
diff -u -p -r1.142 exec_elf.c
--- sys/kern/exec_elf.c	30 Dec 2017 23:08:29 -0000	1.142
+++ sys/kern/exec_elf.c	23 Jul 2018 12:11:16 -0000
@@ -366,8 +366,11 @@ elf_load_file(struct proc *p, char *path
 
 	for (i = 0; i < eh.e_phnum; i++) {
 		if (ph[i].p_type == PT_LOAD) {
-			if (ph[i].p_filesz > ph[i].p_memsz)
+			if (ph[i].p_filesz > ph[i].p_memsz ||
+			    ph[i].p_memsz == 0) {
+				error = EINVAL;
 				goto bad1;
+			}
 			loadmap[idx].vaddr = trunc_page(ph[i].p_vaddr);
 			loadmap[idx].memsz = round_page (ph[i].p_vaddr +
 			    ph[i].p_memsz - loadmap[idx].vaddr);
@@ -562,7 +565,8 @@ exec_elf_makecmds(struct proc *p, struct
 			if (interp[pp->p_filesz - 1] != '\0')
 				goto bad;
 		} else if (pp->p_type == PT_LOAD) {
-			if (pp->p_filesz > pp->p_memsz) {
+			if (pp->p_filesz > pp->p_memsz ||
+			    pp->p_memsz == 0) {
 				error = EINVAL;
 				goto bad;
 			}