From 33816e49cae24dc9c5950355f9945dcf842f8596 Mon Sep 17 00:00:00 2001
From: James R
Date: Mon, 28 Oct 2019 00:04:30 -0700
Subject: [PATCH] Add overflow checks so we I_Error instead of death crash into oblivion

You'd love to know how we even reached (size_t)-1.
---
 src/z_zone.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/src/z_zone.c b/src/z_zone.c
index 001c69bb3..d5146f7a3 100644
--- a/src/z_zone.c
+++ b/src/z_zone.c
@@ -247,7 +247,11 @@ void Z_Free(void *ptr)
 static void *xm(size_t size)
 {
 const size_t padedsize = size+sizeof (size_t);
- void *p = malloc(padedsize);
+ void *p;
+
+ if (padedsize < size)/* overflow check */
+ I_Error("You are allocating memory too large!");
+ p = malloc(padedsize);
 
 if (p == NULL)
 {
@@ -295,6 +299,9 @@ void *Z_MallocAlign(size_t size, INT32 tag, void *user, INT32 alignbits)
 CONS_Debug(DBG_MEMORY, "Z_Malloc %s:%d\n", file, line);
 #endif
 
+ if (blocksize < size)/* overflow check */
+ I_Error("You are allocating memory too large!");
+
 block = xm(sizeof *block);
 #ifdef HAVE_VALGRIND
 padsize += (1<
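Review bot: The guard `if (padedsize < size)` in xm() fires only when `size` is within sizeof (size_t) of SIZE_MAX, so the (size_t)-1 the commit message mentions is rejected, but the message gives no clue which caller produced the bogus length; including the value, e.g. `I_Error("xm: allocation size %lu overflows", (unsigned long)size);` (assuming I_Error takes a printf-style format), turns the abort into an actionable report. The check also depends on I_Error never returning: if it can return, `p = malloc(padedsize);` on the following line still runs with the wrapped size, so a noreturn annotation on I_Error or an explicit `return NULL;` after the call would close that path — this cannot be confirmed from the hunk. Minor style: `if (padedsize < size)/* overflow check */` has no space before the comment. The same pattern recurs in the Z_MallocAlign hunk, whose end lies outside this view.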