=== modified file 'src/ChangeLog'
--- src/ChangeLog	2011-10-11 17:35:16 +0000
+++ src/ChangeLog	2011-10-12 05:01:36 +0000
@@ -1,3 +1,9 @@
+2011-10-12  Dmitry Antipov  <address@hidden>
+
+	* alloc.c (Fgc_status): Do not access beyond zombies array
+	boundary if nzombies > MAX_ZOMBIES.
+	* alloc.c (dump_zombies): Add missing format specifier.
+
 2011-10-11  Andreas Schwab  <address@hidden>
 
 	* lisp.h (GCPRO1_VAR, GCPRO2_VAR, GCPRO3_VAR, GCPRO4_VAR)

=== modified file 'src/alloc.c'
--- src/alloc.c	2011-10-07 16:42:32 +0000
+++ src/alloc.c	2011-10-12 04:48:27 +0000
@@ -4071,7 +4071,7 @@
 {
   Lisp_Object args[8], zombie_list = Qnil;
   EMACS_INT i;
-  for (i = 0; i < nzombies; i++)
+  for (i = 0; i < min (MAX_ZOMBIES, nzombies); i++)
     zombie_list = Fcons (zombies[i], zombie_list);
   args[0] = build_string ("%d GCs, avg live/zombies = %.2f/%.2f (%f%%), max %d/%d\nzombies: %S");
   args[1] = make_number (ngcs);
@@ -4410,7 +4410,7 @@
 {
   int i;
 
-  fprintf (stderr, "\nZombies kept alive = %"pI":\n", nzombies);
+  fprintf (stderr, "\nZombies kept alive = %"pI"d:\n", nzombies);
   for (i = 0; i < min (MAX_ZOMBIES, nzombies); ++i)
     {
       fprintf (stderr, "  %d = ", i);