diff -r ec62453fc8a6 -r 1ecf4dbbc60c src/mempool.c
--- a/src/mempool.c Fri Dec 20 21:25:33 2024 +0100
+++ b/src/mempool.c Sat Dec 21 21:03:28 2024 +0100
@@ -29,6 +29,7 @@
 #include "cx/mempool.h"
 #include
+#include
 struct cx_mempool_memory_s {
 /** The destructor. */
@@ -45,7 +46,13 @@
 if (pool->size >= pool->capacity) {
 size_t newcap = pool->capacity - (pool->capacity % 16) + 16;
- struct cx_mempool_memory_s **newdata = realloc(pool->data, newcap*sizeof(struct cx_mempool_memory_s*));
+ size_t newmsize;
+ if (pool->capacity > newcap || cx_szmul(newcap,
+ sizeof(struct cx_mempool_memory_s*), &newmsize)) {
+ errno = EOVERFLOW;
+ return NULL;
+ }
+ struct cx_mempool_memory_s **newdata = realloc(pool->data, newmsize);
 if (newdata == NULL) {
 return NULL;
 }
@@ -72,6 +79,7 @@
 ) {
 size_t msz;
 if (cx_szmul(nelem, elsize, &msz)) {
+ errno = EOVERFLOW;
 return NULL;
 }
 void *ptr = cx_mempool_malloc(p, msz);
@@ -204,6 +212,7 @@
 ) {
 size_t poolsize;
 if (cx_szmul(capacity, sizeof(struct cx_mempool_memory_s*), &poolsize)) {
+ errno = EOVERFLOW;
 return NULL;
 }
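Review bot: After a NULL return a caller still cannot rely on errno: in the hunk at -45 the new overflow branch sets EOVERFLOW, while the `newdata == NULL` return that follows leaves errno to realloc, which ISO C does not require to set it, so a stale value can be read. The same `errno = EOVERFLOW;` assignment is added in the hunks at -72 and -204. EOVERFLOW is a POSIX constant rather than one of the three ISO C guarantees (EDOM, ERANGE, EILSEQ), so a build against a non-POSIX libc is worth confirming. I would document the errno contract where these functions are declared and comment the guard, e.g. `/* newcap wrapped while rounding up, or the array byte size does not fit in size_t */`. The enclosing function starts and ends outside the hunk.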