From a2d26660368fbe4cc7d103aad6f565e36a280fac Mon Sep 17 00:00:00 2001
From: Paul Eggert <eggert@cs.ucla.edu>
Date: Tue, 22 Mar 2011 02:08:11 -0700
Subject: [PATCH] * lisp.h (SAFE_ALLOCA, SAFE_ALLOCA_LISP): Avoid 'int'
 overflow

leading to a memory leak, possible in functions like
load_charset_map_from_file that can allocate an unbounded number
of objects.
---
 src/ChangeLog | 5 +++++
 src/lisp.h    | 4 ++--
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/src/ChangeLog b/src/ChangeLog
index c8fa1e55695..a341d1b4678 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,5 +1,10 @@
 2011-03-22  Paul Eggert  <eggert@cs.ucla.edu>
 
+	* lisp.h (SAFE_ALLOCA, SAFE_ALLOCA_LISP): Avoid 'int' overflow
+	leading to a memory leak, possible in functions like
+	load_charset_map_from_file that can allocate an unbounded number
+	of objects.
+
 	* xmenu.c (set_frame_menubar): Use EMACS_UINT, not int, for indexes
 	that could (at least in theory) be that large.
 
diff --git a/src/lisp.h b/src/lisp.h
index 645b82c80cf..e98172ec104 100644
--- a/src/lisp.h
+++ b/src/lisp.h
@@ -3602,7 +3602,7 @@ extern Lisp_Object safe_alloca_unwind (Lisp_Object);
     else						  \
       {							  \
 	buf = (type) xmalloc (size);			  \
-	sa_must_free++;					  \
+	sa_must_free = 1;				  \
 	record_unwind_protect (safe_alloca_unwind,	  \
 			       make_save_value (buf, 0)); \
       }							  \
@@ -3632,7 +3632,7 @@ extern Lisp_Object safe_alloca_unwind (Lisp_Object);
 	buf = (Lisp_Object *) xmalloc (size_);		  \
 	arg_ = make_save_value (buf, nelt);		  \
 	XSAVE_VALUE (arg_)->dogc = 1;			  \
-	sa_must_free++;					  \
+	sa_must_free = 1;				  \
 	record_unwind_protect (safe_alloca_unwind, arg_); \
       }							  \
   } while (0)
-- 
2.39.2