diff --git a/libselinux/include/selinux/avc.h b/libselinux/include/selinux/avc.h
index 1f79ba16..c007b973 100644
--- a/libselinux/include/selinux/avc.h
+++ b/libselinux/include/selinux/avc.h
@@ -20,7 +20,7 @@ extern "C" {
 */
 struct security_id {
 char * ctx;
- unsigned int refcnt;
+ unsigned int id;
 };
 typedef struct security_id *security_id_t;
diff --git a/libselinux/src/avc_sidtab.c b/libselinux/src/avc_sidtab.c
index fce5bddf..9475dcb0 100644
--- a/libselinux/src/avc_sidtab.c
+++ b/libselinux/src/avc_sidtab.c
@@ -4,6 +4,7 @@
 * Author : Eamon Walsh,
 */
 #include
+#include
 #include
 #include
 #include
@@ -50,6 +51,11 @@ int sidtab_insert(struct sidtab *s, const char * ctx)
 struct sidtab_node *newnode;
 char * newctx;
+ if (s->nel >= UINT_MAX - 1) {
+ rc = -1;
+ goto out;
+ }
+
 newnode = (struct sidtab_node *)avc_malloc(sizeof(*newnode));
 if (!newnode) {
 rc = -1;
@@ -65,9 +71,8 @@ int sidtab_insert(struct sidtab *s, const char * ctx)
 hvalue = sidtab_hash(newctx);
 newnode->next = s->htable[hvalue];
 newnode->sid_s.ctx = newctx;
- newnode->sid_s.refcnt = 1; /* unused */
+ newnode->sid_s.id = ++s->nel;
 s->htable[hvalue] = newnode;
- s->nel++;
 out:
 return rc;
 }
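Review bot: The renamed field `id` in `struct security_id` carries no comment, and because avc.h sits under the library's public include directory, renaming `refcnt` is a source-level break for any consumer that referenced `sid->refcnt`. The type stays `unsigned int`, so the layout visible here does not change, but the meaning does. I would document it on the field, e.g. `unsigned int id; /* sequence number assigned when the context is inserted into the SID table */`, and say whether callers may rely on the value. The struct's own doc comment starts above the hunk.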
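Review bot: The bound in `if (s->nel >= UINT_MAX - 1)` is unexplained, and the failure it produces cannot be told apart from the allocation failure right below it, since both paths only set `rc = -1`. Assuming `s->nel` is an `unsigned int` (its declaration is outside the hunk), the pre-increment in the later hunk would only wrap at `UINT_MAX`, so the extra `- 1` presumably keeps one value in reserve. A comment such as `/* refuse to insert rather than let the id counter wrap and hand out a duplicate id */` would record the intent. `sidtab_insert` begins above the hunk and continues past it.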
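Review bot: `newnode->sid_s.id = ++s->nel;` makes the element counter double as the id allocator, so ids stay unique only as long as `nel` is never decremented or reset while previously issued SIDs are still in use. Whether a destroy or reset path does that is not visible in this hunk. If one does, two different contexts could end up with the same id, and a separate counter that only ever increases would be the safer design. At minimum I would add `/* id is unique per table; relies on nel only ever growing */` on this line. The function body starts outside the hunk.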