==== Enforce an upper limit

When performing a memory allocation whose size depends on a user-controlled
parameter, it is of prime importance to enforce an upper limit to the size
being allocated. This will prevent any overly big memory slot from being
consumed by a single allocation.

Note that forcing an upper limit will not prevent Denial of Service attacks.
When an allocation size is restricted to a reasonable amount, attackers can
still request the allocating feature multiple times until the combined allocation
size becomes big enough to cause exhaustion. However, the smaller the allowed
allocation size, the higher the number of necessary requests and, thus, the
higher the required resources on the attacker side. As for most of the DoS
attack vectors, a trade-off must be found to prevent most attackers from causing
exhaustion while keeping a good level of performance and usability.