diff -rup vim74/src/undo.c vim74-new/src/undo.c
--- vim74/src/undo.c	2013-06-10 11:13:37.000000000 -0700
+++ vim74-new/src/undo.c	2017-03-02 11:04:53.051564315 -0800
@@ -1151,7 +1151,7 @@ unserialize_uep(fp, error, file_name)
 {
     int		i;
     u_entry_T	*uep;
-    char_u	**array;
+    char_u	**array = NULL;
     char_u	*line;
     int		line_len;
 
@@ -1168,7 +1168,8 @@ unserialize_uep(fp, error, file_name)
     uep->ue_size = get4c(fp);
     if (uep->ue_size > 0)
     {
-	array = (char_u **)U_ALLOC_LINE(sizeof(char_u *) * uep->ue_size);
+	if (uep->ue_size < LONG_MAX / (int)sizeof(char_u *))
+	    array = (char_u **)U_ALLOC_LINE(sizeof(char_u *) * uep->ue_size);
 	if (array == NULL)
 	{
 	    *error = TRUE;
@@ -1176,8 +1177,6 @@ unserialize_uep(fp, error, file_name)
 	}
 	vim_memset(array, 0, sizeof(char_u *) * uep->ue_size);
     }
-    else
-	array = NULL;
     uep->ue_array = array;
 
     for (i = 0; i < uep->ue_size; ++i)
@@ -1572,7 +1571,7 @@ u_read_undo(name, hash, orig_name)
     linenr_T	line_lnum;
     colnr_T	line_colnr;
     linenr_T	line_count;
-    int		num_head = 0;
+    long	num_head = 0;
     long	old_header_seq, new_header_seq, cur_header_seq;
     long	seq_last, seq_cur;
     long	last_save_nr = 0;
@@ -1745,8 +1744,9 @@ u_read_undo(name, hash, orig_name)
      * When there are no headers uhp_table is NULL. */
     if (num_head > 0)
     {
-	uhp_table = (u_header_T **)U_ALLOC_LINE(
-					     num_head * sizeof(u_header_T *));
+	if (num_head < LONG_MAX / (long)sizeof(u_header_T *))
+	    uhp_table = (u_header_T **)U_ALLOC_LINE(	
+				     num_head * sizeof(u_header_T *));
 	if (uhp_table == NULL)
 	    goto error;
     }