http://sourceware.org/ml/gdb-cvs/2012-09/msg00068.html

### src/gdb/ChangeLog	2012/09/14 12:10:21	1.14659
### src/gdb/ChangeLog	2012/09/14 12:46:55	1.14660
## -1,3 +1,8 @@
+2012-09-14  Siddhesh Poyarekar  <siddhesh@redhat.com>
+
+	* valarith.c (value_concat): Replace unsafe ALLOCA with
+	XMALLOC/XFREE.
+
 2012-09-14  Pedro Alves  <palves@redhat.com>
 
 	* gdb.1 (SEE ALSO): Expand pointer to GDB's Texinfo manual.
Index: gdb-7.5.0.20120926/gdb/valarith.c
===================================================================
--- gdb-7.5.0.20120926.orig/gdb/valarith.c	2012-11-07 22:00:41.000000000 +0100
+++ gdb-7.5.0.20120926/gdb/valarith.c	2012-11-07 22:02:18.661767281 +0100
@@ -716,9 +716,12 @@ value_concat (struct value *arg1, struct
       if (TYPE_CODE (type2) == TYPE_CODE_STRING
 	  || TYPE_CODE (type2) == TYPE_CODE_CHAR)
 	{
+	  struct cleanup *back_to;
+
 	  count = longest_to_int (value_as_long (inval1));
 	  inval2len = TYPE_LENGTH (type2);
-	  ptr = (char *) alloca (count * inval2len);
+	  ptr = (char *) xmalloc (count * inval2len);
+	  back_to = make_cleanup (xfree, ptr);
 	  if (TYPE_CODE (type2) == TYPE_CODE_CHAR)
 	    {
 	      char_type = type2;
@@ -741,6 +744,7 @@ value_concat (struct value *arg1, struct
 		}
 	    }
 	  outval = value_string (ptr, count * inval2len, char_type);
+	  do_cleanups (back_to);
 	}
       else if (TYPE_CODE (type2) == TYPE_CODE_BITSTRING
 	       || TYPE_CODE (type2) == TYPE_CODE_BOOL)
@@ -755,6 +759,8 @@ value_concat (struct value *arg1, struct
   else if (TYPE_CODE (type1) == TYPE_CODE_STRING
 	   || TYPE_CODE (type1) == TYPE_CODE_CHAR)
     {
+      struct cleanup *back_to;
+
       /* We have two character strings to concatenate.  */
       if (TYPE_CODE (type2) != TYPE_CODE_STRING
 	  && TYPE_CODE (type2) != TYPE_CODE_CHAR)
@@ -763,7 +769,8 @@ value_concat (struct value *arg1, struct
 	}
       inval1len = TYPE_LENGTH (type1);
       inval2len = TYPE_LENGTH (type2);
-      ptr = (char *) alloca (inval1len + inval2len);
+      ptr = (char *) xmalloc (inval1len + inval2len);
+      back_to = make_cleanup (xfree, ptr);
       if (TYPE_CODE (type1) == TYPE_CODE_CHAR)
 	{
 	  char_type = type1;
@@ -786,6 +793,7 @@ value_concat (struct value *arg1, struct
 	  memcpy (ptr + inval1len, value_contents (inval2), inval2len);
 	}
       outval = value_string (ptr, inval1len + inval2len, char_type);
+      do_cleanups (back_to);
     }
   else if (TYPE_CODE (type1) == TYPE_CODE_BITSTRING
 	   || TYPE_CODE (type1) == TYPE_CODE_BOOL)