Subject: Re: changed files: 'src/sys/arch/m68k/m68k copy.s'
To: Adam Glass <glass@sun-lamp.cs.berkeley.edu>
From: Chris Hopps <chopps@emunix.emich.edu>
List: source-changes
Date: 02/28/1994 00:46:35
> 
> what would be the effects of this bug?
> 

Well,
copyinstr(src,dest,len...)

it would grab the lower word of dest as the LSW of the length longword
so basically 2 things can happen:

1) you could overwrite your buffer.
or worse
2) len is < 65525 (as is the case most of the time)

If len is < 65535 then the MSW of `len' is 0 and thus the max
amount of bytes copied would be the lower 16 bits of the destination
address and could very well be much less than the string you wanted to
copy.

Where did it hit us?  in exec'ing /sbin/init, panic, init died.  It
would happen depending on the amount of memory on the system.

Chris.
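An added example, not from the message or the NetBSD source, that models in C the effect Chris describes: the low word of the destination address is taken as the low word of the length longword, so the copy is either truncated (ENAMETOOLONG) or runs past the buffer. The function names and the destination addresses used are constructed for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stddef.h>

/* Length the buggy copyinstr would actually use: the high word of the
 * real length is kept, the low word is replaced by the low word of the
 * destination address (assumed model of the bug in the message). */
uint32_t buggy_length(uint32_t dest_addr, uint32_t len)
{
    return (len & 0xFFFF0000u) | (dest_addr & 0x0000FFFFu);
}

/* Simulated copyinstr: copy a NUL-terminated string into dest, at most
 * `len` bytes including the terminator.  Returns 0 on success or
 * ENAMETOOLONG if the string does not fit; *lencopied gets the number
 * of bytes written (the kernel's own routine has the same contract). */
int sim_copyinstr(const char *src, char *dest, size_t len, size_t *lencopied)
{
    size_t i;
    for (i = 0; i < len; i++) {
        dest[i] = src[i];
        if (src[i] == '\0') {
            *lencopied = i + 1;
            return 0;
        }
    }
    *lencopied = len;
    return ENAMETOOLONG;
}

/* Classify what the bug does for a constructed destination address and
 * the caller's real buffer length:
 *   0 = effective length unchanged (low word of dest happens to equal len)
 *   1 = effective length smaller: the copy is truncated, ENAMETOOLONG
 *   2 = effective length larger: the kernel would write past the buffer */
int classify(uint32_t dest_addr, uint32_t real_len)
{
    uint32_t eff = buggy_length(dest_addr, real_len);
    if (eff == real_len)
        return 0;
    return eff < real_len ? 1 : 2;
}
```

Because the effective length depends on where the destination buffer happens to sit in memory, the outcome varies with system layout, which matches the observation that the init panic depended on the amount of memory installed.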
