-rw-r--r-- | src/ChangeLog | 2 | ||||
-rw-r--r-- | src/region-cache.c | 13 |
2 files changed, 11 insertions, 4 deletions
diff --git a/src/ChangeLog b/src/ChangeLog
index 46d2cdb82f7..662d03aaf3d 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,5 +1,7 @@
 2011-07-29 Paul Eggert <eggert@cs.ucla.edu>
+ * region-cache.c (move_cache_gap): Check for size calculation overflow.
+
 * process.c (Fnetwork_interface_list): Check for overflow in size calculation.
diff --git a/src/region-cache.c b/src/region-cache.c
index d701f4d71b0..e6cec96171d 100644
--- a/src/region-cache.c
+++ b/src/region-cache.c
@@ -247,11 +247,16 @@ move_cache_gap (struct region_cache *c, EMACS_INT pos, EMACS_INT min_size)
 if (gap_len < min_size)
 {
 EMACS_INT i;
+ ptrdiff_t cache_len_max =
+ min (PTRDIFF_MAX, SIZE_MAX) / sizeof *c->boundaries;
+ ptrdiff_t min_size_max = cache_len_max - c->cache_len;
- /* Always make at least NEW_CACHE_GAP elements, as long as we're
- expanding anyway. */
- if (min_size < NEW_CACHE_GAP)
- min_size = NEW_CACHE_GAP;
+ if (min_size_max < min_size)
+ memory_full (SIZE_MAX);
+
+ /* Unless running out of space, make at least NEW_CACHE_GAP
+ elements, as long as we're expanding anyway. */
+ min_size = max (min_size, min (min_size_max, NEW_CACHE_GAP));
 c->boundaries = (struct boundary *) xrealloc (c->boundaries, |
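Review bot: The two locals added at the top of the `if (gap_len < min_size)` block in move_cache_gap carry the whole overflow argument but are undocumented: `cache_len_max` is a count of `struct boundary` elements, not bytes, and `min_size_max` is the headroom left above `c->cache_len`. I would add `/* Largest element count whose byte size fits in both ptrdiff_t and size_t.  */` above the declarations and `/* memory_full must not return; otherwise the xrealloc size below could wrap.  */` on the guard. The guard is sufficient only if memory_full never returns and if the size passed to xrealloc is exactly `min_size + c->cache_len` elements; neither is visible here, since the xrealloc call is cut off at its first argument and the function continues outside the hunk, so both are worth confirming. The subtraction `cache_len_max - c->cache_len` also appears to assume that `c->cache_len` is non-negative and no larger than `cache_len_max`, which could be stated next to it.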