On August 20, 2014 6:58:39 PM PDT, Paul Eggert <eggert@cs.ucla.edu> wrote:

The backtrace looks like nonsense, unfortunately, e.g., it shows two 
arguments to adjust_decode_mode_spec_buffer, a function that has just 
one argument, and it shows xrealloc being called with 
size=18446744073709551597, even though the code passed 
FRAME_MESSAGE_BUF_SIZE (f) + 1 as the size, and I don't see any way to 
get 18446744073709551597 even if overflow is taken into account.

Can you reproduce the problem?

Can you compile with '-g3 -O0' and reproduce the problem?