-rw-r--r-- | buffer.c | 10 | ||||
-rw-r--r-- | buffer.h | 10 |
2 files changed, 16 insertions, 4 deletions
@@ -32,6 +32,16 @@ #include "memdbg.h"
+size_t
+array_mult_safe (const size_t m1, const size_t m2)
+{
+ const unsigned long long limit = 0xFFFFFFFF;
+ unsigned long long res = (unsigned long long)m1 * (unsigned long long)m2;
+ if (unlikely(m1 > limit) || unlikely(m2 > limit) || unlikely(res > limit))
+ msg (M_FATAL, "attemped allocation of excessively large array");
+ return (size_t) res;
+}
+
 struct buffer
 #ifdef DMALLOC
 alloc_buf_debug (size_t size, const char *file, int line)
@@ -88,6 +88,8 @@ bool buf_assign (struct buffer *dest, const struct buffer *src);
 void string_clear (char *str);
 int string_array_len (const char **array);
+size_t array_mult_safe (const size_t m1, const size_t m2);
+
 #define PA_BRACKET (1<<0)
 char *print_argv (const char **p, struct gc_arena *gc, const unsigned int flags);
@@ -725,23 +727,23 @@ void out_of_memory (void);
 #define ALLOC_ARRAY(dptr, type, n) \
 { \
- check_malloc_return ((dptr) = (type *) malloc (sizeof (type) * (n))); \
+ check_malloc_return ((dptr) = (type *) malloc (array_mult_safe (sizeof (type), (n)))); \
 }
 #define ALLOC_ARRAY_GC(dptr, type, n, gc) \
 { \
- (dptr) = (type *) gc_malloc (sizeof (type) * (n), false, (gc)); \
+ (dptr) = (type *) gc_malloc (array_mult_safe (sizeof (type), (n)), false, (gc)); \
 }
 #define ALLOC_ARRAY_CLEAR(dptr, type, n) \
 { \
 ALLOC_ARRAY (dptr, type, n); \
- memset ((dptr), 0, (sizeof(type) * (n))); \
+ memset ((dptr), 0, (array_mult_safe (sizeof(type), (n)))); \
 }
 #define ALLOC_ARRAY_CLEAR_GC(dptr, type, n, gc) \
 { \
- (dptr) = (type *) gc_malloc (sizeof (type) * (n), true, (gc)); \
+ (dptr) = (type *) gc_malloc (array_mult_safe (sizeof (type), (n)), true, (gc)); \
 }
 #define ALLOC_OBJ_GC(dptr, type, gc) \ |
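Review bot: The fatal message in the new array_mult_safe() is misspelled — `msg (M_FATAL, "attemped allocation of excessively large array");` should read `msg (M_FATAL, "attempted allocation of excessively large array");`, and since this string is the only diagnostic an operator gets when the check fires it is worth getting right. More substantively, `limit = 0xFFFFFFFF` imposes a fixed 4 GiB ceiling that is independent of size_t, which is stricter than overflow safety requires on 64-bit builds; if that cap is a deliberate sanity bound it deserves a comment such as `/* refuse any array larger than 4 GiB, even where size_t is 64-bit */`, and if it is not, `if (m2 != 0 && m1 > SIZE_MAX / m2)` expresses the overflow check without the 64-bit intermediate or the arbitrary cap. Note also that the helper aborts through M_FATAL rather than reporting failure, so a caller whose `n` is derived from peer-supplied data would now turn a silent wrap into a process exit — the safer of the two outcomes, but such callers may prefer to validate the count earlier and fail only that session. Because the function is exported through buffer.h, a short header comment stating the contract (returns m1 * m2; does not return if the product exceeds the limit) would help readers who only see the declaration.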
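Review bot: ALLOC_ARRAY_CLEAR now performs the checked multiply twice — once inside the nested ALLOC_ARRAY and again for the memset size — and, as before the change, evaluates its `n` argument more than once, so an argument with side effects still misbehaves; this is inherited rather than introduced, but the new helper makes it cheap to fix by computing the size once. One option is to keep the macro shape and add a local, e.g. `size_t _sz = array_mult_safe (sizeof (type), (n)); check_malloc_return ((dptr) = (type *) malloc (_sz)); memset ((dptr), 0, _sz);`, wrapped in the same braces; `calloc` would also do both in one checked call, but only if the project's allocation hooks (check_malloc_return, DMALLOC) are happy with it, which this hunk does not show. The ALLOC_OBJ_GC macro on the hunk's last line continues outside the hunk.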