--- a/ChangeLog	Sat Dec 24 18:21:59 2016 +0100
+++ b/ChangeLog	Thu Dec 29 01:16:51 2016 -0800
@@ -1,3 +1,9 @@
+2016-12-29  Paul Eggert  <eggert@cs.ucla.edu>
+
+	xalloc: x2nrealloc check for ptrdiff_t overflow
+	* lib/xalloc.h (x2nrealloc): Check for ptrdiff_t overflow, too.
+	* modules/xalloc, modules/xvasprintf (Depends-on): Add stdint.
+
 2016-12-24  Bruno Haible  <bruno@clisp.org>
 
 	lock test: Fix performance problem on multi-core machines.

--- a/lib/xalloc.h	Sat Dec 24 18:21:59 2016 +0100
+++ b/lib/xalloc.h	Thu Dec 29 01:16:51 2016 -0800
@@ -19,6 +19,7 @@
 #define XALLOC_H_
 
 #include <stddef.h>
+#include <stdint.h>
 
 #include "xalloc-oversized.h"
 
@@ -197,10 +198,11 @@
   else
     {
       /* Set N = floor (1.5 * N) + 1 so that progress is made even if N == 0.
-         Check for overflow, so that N * S stays in size_t range.
-         The check may be slightly conservative, but an exact check isn't
-         worth the trouble.  */
-      if ((size_t) -1 / 3 * 2 / s <= n)
+         Check for overflow, so that N * S stays in both ptrdiff_t and
+         size_t range.  The check may be slightly conservative, but an
+         exact check isn't worth the trouble.  */
+      if ((PTRDIFF_MAX < SIZE_MAX ? PTRDIFF_MAX : SIZE_MAX) / 3 * 2 / s
+          <= n)
         xalloc_die ();
       n += n / 2 + 1;
     }

--- a/modules/xalloc	Sat Dec 24 18:21:59 2016 +0100
+++ b/modules/xalloc	Thu Dec 29 01:16:51 2016 -0800
@@ -8,6 +8,7 @@
 
 Depends-on:
 extern-inline
+stdint
 xalloc-die
 xalloc-oversized
 

--- a/modules/xvasprintf	Sat Dec 24 18:21:59 2016 +0100
+++ b/modules/xvasprintf	Thu Dec 29 01:16:51 2016 -0800
@@ -17,6 +17,7 @@
 xalloc-die
 xsize
 stdarg
+stdint
 errno
 
 configure.ac: