From b18cecd7b0c37e696571dcb3abb22a79ad03dae7 Mon Sep 17 00:00:00 2001
From: havoc
Date: Sun, 27 Nov 2016 21:35:34 +0000
Subject: [PATCH] Fix infinite loop that occurred in R_FrameData_Alloc if requesting > 256MB (which the per-chunk size was bounded to).

git-svn-id: svn://svn.icculus.org/twilight/trunk/darkplaces@12295 d7cf8633-e32d-0410-b094-e92efae38249
---
 gl_rmain.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/gl_rmain.c b/gl_rmain.c
index 349b78e5..8bf14a8a 100644
--- a/gl_rmain.c
+++ b/gl_rmain.c
@@ -4689,7 +4689,13 @@ void *R_FrameData_Alloc(size_t size)
 while (!r_framedata_mem || r_framedata_mem->current + size > r_framedata_mem->size)
 {
 // emergency - we ran out of space, allocate more memory
- newvalue = bound(0.25f, r_framedatasize.value * 2.0f, 256.0f);
+ // note: this has no upper-bound, we'll fail to allocate memory eventually and just die
+ newvalue = r_framedatasize.value * 2.0f;
+ // upper bound based on architecture - if we try to allocate more than this we could overflow, better to loop until we error out on allocation failure
+ if (sizeof(size_t) >= 8)
+ newvalue = bound(0.25f, newvalue, (float)(1ll << 42));
+ else
+ newvalue = bound(0.25f, newvalue, (float)(1 << 10));
 // this might not be a growing it, but we'll allocate another buffer every time
 Cvar_SetValueQuick(&r_framedatasize, newvalue);
 R_FrameData_Resize(true);
-- 
2.39.2
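Review bot: The loop condition `r_framedata_mem->current + size > r_framedata_mem->size` (the first context line of the hunk) can wrap for a very large `size`, assuming both fields are `size_t` like the parameter; a wrapped sum would pass the check and hand back a region smaller than the caller asked for. Since this commit is specifically about oversized requests, the comparison is safer as `size > r_framedata_mem->size - r_framedata_mem->current`, provided `current` never exceeds `size`. Separately, once `newvalue` reaches the architecture cap, a request larger than the cap still exits only when an allocation fails, as the new comment acknowledges. Whether that failure is fatal inside `R_FrameData_Resize` is not visible here, so an explicit size check with an error before the loop would make the exit deterministic instead of depending on memory exhaustion. The body of `R_FrameData_Alloc` starts and ends outside the hunk.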