The TclpAlloc() implementation in
tclThreadAlloc.c accepts an
(unsigned int) argument "reqSize"
for the number of bytes the caller
If a value greater than
(UINT_MAX - sizeof(Block)) is passed
in, then the calculation of the total
allocation needed including overhead
will overflow the unsigned int range,
and on systems where the range of
size_t is no bigger than the range
of unsigned int, the value of "size"
will overflow and the comparions to
MAXALLOC, etc. may well return bogus