From ceeb3d7db5c33884003f280ddfaa1c50a70cc7ad Mon Sep 17 00:00:00 2001
From: Eli Zaretskii <eliz@gnu.org>
Date: Mon, 9 Apr 2001 10:53:42 +0000
Subject: [PATCH] (align): If the argument SIZE would overflow
 __malloc_ptrdiff_t, fail right away.

---
 src/ChangeLog | 5 +++++
 src/gmalloc.c | 9 ++++++++-
 2 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/src/ChangeLog b/src/ChangeLog
index ed4535c28d9..048eedf14fa 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,3 +1,8 @@
+2001-04-09  Eli Zaretskii  <eliz@is.elta.co.il>
+
+	* gmalloc.c (align): If the argument SIZE would overflow
+	__malloc_ptrdiff_t, fail right away.
+
 2001-04-06  Gerd Moellmann  <gerd@gnu.org>
 
 	* xfns.c (compute_tip_xy): Add parameters WIDTH and HEIGHT.
diff --git a/src/gmalloc.c b/src/gmalloc.c
index 751e90baf13..3508304da33 100644
--- a/src/gmalloc.c
+++ b/src/gmalloc.c
@@ -437,7 +437,14 @@ align (size)
   __ptr_t result;
   unsigned long int adj;
 
-  result = (*__morecore) (size);
+  /* align accepts an unsigned argument, but __morecore accepts a
+     signed one.  This could lead to trouble if SIZE overflows a
+     signed int type accepted by __morecore.  We just punt in that
+     case, since they are requesting a ludicrous amount anyway.  */
+  if ((__malloc_ptrdiff_t)size < 0)
+    result = 0;
+  else
+    result = (*__morecore) (size);
   adj = (unsigned long int) ((unsigned long int) ((char *) result -
 						  (char *) NULL)) % BLOCKSIZE;
   if (adj != 0)
-- 
2.39.5