This problem seems to have existed since the x86_64 variant of memset was improved years ago (certainly 2.11 already has the problem, as well as current git). There are several signed compares of the size argument, whereas it really is unsigned. Depending on the situation, e.g. a "memset(ptr, 0, -1)" segfaults (but for the wrong reasons, because it jumps into nirvana) or even succeeds. In normal use this is harmless, as a size with the sign bit set indicates more than half the address space, which on x86_64 is impossible to allocate, but as the size is used to index some jump tables this potentially could have other unwanted side effects.
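As an added illustration (not glibc's memset code and not the attached patch), a toy C size-class dispatcher that compares the length as a signed value beside the corrected unsigned form, plus the plausibility check a caller can apply since no object can exceed PTRDIFF_MAX bytes; the thresholds, class names and function names are constructed for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Constructed size classes, standing in for the jump-table buckets the
 * report describes (not the real memset layout). */
enum size_class { CLASS_SMALL = 0, CLASS_MEDIUM = 1, CLASS_LARGE = 2 };

/* Buggy variant: the size_t length is compared as a signed long, so any
 * length with the sign bit set (e.g. (size_t)-1) becomes negative, compares
 * below every threshold and is routed to the small-size path. */
enum size_class classify_signed(size_t n)
{
    long sn = (long)n;            /* wraps to a negative value for sign-bit lengths */
    if (sn < 16)   return CLASS_SMALL;
    if (sn < 4096) return CLASS_MEDIUM;
    return CLASS_LARGE;
}

/* Corrected variant: the comparison stays unsigned, so a huge length lands
 * in the large-size path where the copy loop can fault on the first bad page
 * instead of indexing the wrong table entry. */
enum size_class classify_unsigned(size_t n)
{
    if (n < 16)   return CLASS_SMALL;
    if (n < 4096) return CLASS_MEDIUM;
    return CLASS_LARGE;
}

/* True when the two classifiers disagree for a given length, i.e. the
 * length that triggers the mis-dispatch. */
bool misdispatched(size_t n)
{
    return classify_signed(n) != classify_unsigned(n);
}

/* Caller-side sanity check: a single object can never span more than
 * PTRDIFF_MAX bytes, so a larger length is a bug in the caller (for example
 * a negative value converted to size_t) rather than a real buffer. */
bool len_plausible(size_t n)
{
    return n <= (size_t)PTRDIFF_MAX;
}
```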
Created attachment 6158: Patch for the problem

This should fix the problems.
Thanks for the patch, submitted to git