--- valgrind-3.2.3/coregrind/m_syswrap/syswrap-linux.c.jj 2007-06-27 12:22:59.000000000 +0200
+++ valgrind-3.2.3/coregrind/m_syswrap/syswrap-linux.c 2007-06-27 12:37:18.000000000 +0200
@@ -1213,16 +1213,18 @@ POST(sys_io_setup)
 PRE(sys_io_destroy)
 {
 struct vki_aio_ring *r;
- SizeT size;
-
+ SizeT size = 0;
+
 PRINT("sys_io_destroy ( %llu )", (ULong)ARG1);
 PRE_REG_READ1(long, "io_destroy", vki_aio_context_t, ctx);
 // If we are going to seg fault (due to a bogus ARG1) do it as late as
 // possible...
- r = (struct vki_aio_ring *)ARG1;
- size = VG_PGROUNDUP(sizeof(struct vki_aio_ring) +
- r->nr*sizeof(struct vki_io_event));
+ if (ML_(safe_to_deref)( (void*)ARG1, sizeof(struct vki_aio_ring))) {
+ r = (struct vki_aio_ring *)ARG1;
+ size = VG_PGROUNDUP(sizeof(struct vki_aio_ring) +
+ r->nr*sizeof(struct vki_io_event));
+ }
 SET_STATUS_from_SysRes( VG_(do_syscall1)(SYSNO, ARG1) );