--- git-1.6.2.4/strbuf.c.bak	2009-04-21 00:18:45.205705155 +0300
+++ git-1.6.2.4/strbuf.c	2009-04-21 00:24:52.656702856 +0300
@@ -99,7 +99,7 @@ void strbuf_tolower(struct strbuf *sb)
 
 struct strbuf **strbuf_split(const struct strbuf *sb, int delim)
 {
-	int alloc = 2, pos = 0;
+	size_t alloc = 2, pos = 0;
 	char *n, *p;
 	struct strbuf **ret;
 	struct strbuf *t;
@@ -107,10 +107,12 @@ struct strbuf **strbuf_split(const struc
 	ret = xcalloc(alloc, sizeof(struct strbuf *));
 	p = n = sb->buf;
 	while (n < sb->buf + sb->len) {
-		int len;
+		size_t len;
 		n = memchr(n, delim, sb->len - (n - sb->buf));
-		if (pos + 1 >= alloc) {
+		if (pos >= alloc - 1) {
+			if (alloc > SIZE_MAX / 2) die("Integer overflow in strbuf_split");
 			alloc = alloc * 2;
+			if (alloc > SIZE_MAX / sizeof(struct strbuf *)) die("Integer overflow in strbuf_split");
 			ret = xrealloc(ret, sizeof(struct strbuf *) * alloc);
 		}
 		if (!n)