--- /dev/null
+CVE-2013-6393
+
+Patch by Garth Mollett <gmollett@redhat.com>
+
+--- libyaml-0.1.4.orig/src/scanner.c
++++ libyaml-0.1.4/src/scanner.c
+@@ -615,11 +615,11 @@ yaml_parser_decrease_flow_level(yaml_par
+ */
+
+ static int
+-yaml_parser_roll_indent(yaml_parser_t *parser, int column,
++yaml_parser_roll_indent(yaml_parser_t *parser, size_t column,
+ int number, yaml_token_type_t type, yaml_mark_t mark);
+
+ static int
+-yaml_parser_unroll_indent(yaml_parser_t *parser, int column);
++yaml_parser_unroll_indent(yaml_parser_t *parser, size_t column);
+
+ /*
+ * Token fetchers.
+@@ -1206,7 +1206,7 @@ yaml_parser_decrease_flow_level(yaml_par
+ */
+
+ static int
+-yaml_parser_roll_indent(yaml_parser_t *parser, int column,
++yaml_parser_roll_indent(yaml_parser_t *parser, size_t column,
+ int number, yaml_token_type_t type, yaml_mark_t mark)
+ {
+ yaml_token_t token;
+@@ -1254,7 +1254,7 @@ yaml_parser_roll_indent(yaml_parser_t *p
+
+
+ static int
+-yaml_parser_unroll_indent(yaml_parser_t *parser, int column)
++yaml_parser_unroll_indent(yaml_parser_t *parser, size_t column)
+ {
+ yaml_token_t token;
+
+@@ -2574,7 +2574,7 @@ yaml_parser_scan_tag_uri(yaml_parser_t *
+
+ /* Resize the string to include the head. */
+
+- while (string.end - string.start <= (int)length) {
++ while ((size_t)(string.end - string.start) <= length) {
+ if (!yaml_string_extend(&string.start, &string.pointer, &string.end)) {
+ parser->error = YAML_MEMORY_ERROR;
+ goto error;
+--- libyaml-0.1.4.orig/src/api.c
++++ libyaml-0.1.4/src/api.c
+@@ -117,7 +117,12 @@ yaml_string_join(
+ YAML_DECLARE(int)
+ yaml_stack_extend(void **start, void **top, void **end)
+ {
+- void *new_start = yaml_realloc(*start, ((char *)*end - (char *)*start)*2);
++ void *new_start;
++
++ if ((char *)*end - (char *)*start >= INT_MAX / 2)
++ return 0;
++
++ new_start = yaml_realloc(*start, ((char *)*end - (char *)*start)*2);
+
+ if (!new_start) return 0;
+