diff --git a/Kernel/Process.h b/Kernel/Process.h
index 0cc9418d75..f9e04a7fc1 100644
--- a/Kernel/Process.h
+++ b/Kernel/Process.h
@@ -355,7 +355,7 @@ public:
     ErrorOr<FlatPtr> sys$sigtimedwait(Userspace<sigset_t const*>, Userspace<siginfo_t*>, Userspace<timespec const*>);
     ErrorOr<FlatPtr> sys$getgroups(size_t, Userspace<gid_t*>);
     ErrorOr<FlatPtr> sys$setgroups(size_t, Userspace<gid_t const*>);
-    ErrorOr<FlatPtr> sys$pipe(int pipefd[2], int flags);
+    ErrorOr<FlatPtr> sys$pipe(Userspace<int*>, int flags);
     ErrorOr<FlatPtr> sys$killpg(pid_t pgrp, int sig);
     ErrorOr<FlatPtr> sys$seteuid(UserID);
     ErrorOr<FlatPtr> sys$setegid(GroupID);
diff --git a/Kernel/Syscalls/pipe.cpp b/Kernel/Syscalls/pipe.cpp
index 365fb8c4a1..6db456e731 100644
--- a/Kernel/Syscalls/pipe.cpp
+++ b/Kernel/Syscalls/pipe.cpp
@@ -9,7 +9,7 @@
 
 namespace Kernel {
 
-ErrorOr<FlatPtr> Process::sys$pipe(int pipefd[2], int flags)
+ErrorOr<FlatPtr> Process::sys$pipe(Userspace<int*> pipefd, int flags)
 {
     VERIFY_NO_PROCESS_BIG_LOCK(this)
     TRY(require_promise(Pledge::stdio));
@@ -43,11 +43,18 @@ ErrorOr<FlatPtr> Process::sys$pipe(int pipefd[2], int flags)
     TRY(m_fds.with_exclusive([&](auto& fds) -> ErrorOr<void> {
         fds[reader_fd_allocation.fd].set(move(reader_description), fd_flags);
         fds[writer_fd_allocation.fd].set(move(writer_description), fd_flags);
+
+        int fds_for_userspace[2] = {
+            reader_fd_allocation.fd,
+            writer_fd_allocation.fd,
+        };
+        if (copy_to_user(pipefd, fds_for_userspace, sizeof(fds_for_userspace)).is_error()) {
+            fds[reader_fd_allocation.fd] = {};
+            fds[writer_fd_allocation.fd] = {};
+            return EFAULT;
+        }
         return {};
     }));
-
-    TRY(copy_to_user(&pipefd[0], &reader_fd_allocation.fd));
-    TRY(copy_to_user(&pipefd[1], &writer_fd_allocation.fd));
     return 0;
 }