From 3d9d976aa476b1c1098359a1215ad1cabd022d33 Mon Sep 17 00:00:00 2001
From: Philipp Stephani
Date: Mon, 5 Jun 2017 22:09:00 +0200
Subject: [PATCH] Fix undefined behavior in mapbacktrace

* src/eval.c (Fmapbacktrace): Don't assume that PDL is still valid.
---
 src/eval.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/eval.c b/src/eval.c
index ef961046bcf..8f293c9d300 100644
--- a/src/eval.c
+++ b/src/eval.c
@@ -3613,8 +3613,12 @@ returns nil. */)
 
   while (backtrace_p (pdl))
     {
+      ptrdiff_t i = pdl - specpdl;
       backtrace_frame_apply (function, pdl);
-      pdl = backtrace_next (pdl);
+      /* Beware! PDL is no longer valid here because FUNCTION might
+         have caused grow_specpdl to reallocate pdlvec. We must use
+         the saved index, cf. Bug#27258. */
+      pdl = backtrace_next (&specpdl[i]);
     }
 
   return Qnil;
-- 
2.39.2
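Review bot: The new `pdl = backtrace_next (&specpdl[i]);` relies on the frame at index `i` still being on the specpdl stack after FUNCTION returns; that presumably holds because any unwinding past this frame would be a non-local exit that never reaches this line, but the hunk neither states nor checks the invariant. A debug check before the call, `eassert (&specpdl[i] < specpdl_ptr);`, would document it and catch a future change that shrinks the stack under the iterator rather than silently reading a stale entry. It may also be worth extending the new comment to say that `pdl` on the `backtrace_frame_apply` line is still valid only because it is read before FUNCTION runs, since the "no longer valid here" wording can be misread as applying to the whole loop body. Fmapbacktrace's signature and the initialisation of `pdl` lie above the hunk.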