diff -Naur blender-2.68a-original/source/blender/blenkernel/BKE_particle.h blender-2.68a/source/blender/blenkernel/BKE_particle.h
--- blender-2.68a-original/source/blender/blenkernel/BKE_particle.h 2013-06-24 18:41:40.000000000 -0400
+++ blender-2.68a/source/blender/blenkernel/BKE_particle.h 2022-04-06 07:19:05.947576412 -0400
@@ -240,7 +240,8 @@
 float *cdata, *cd; /* color data */
 float *vedata, *ved; /* velocity data */
 float *ma_col;
- int tot_vec_size, flag;
+ int totpart, partsize;
+ int flag;
 int totpoint, totve;
 } ParticleDrawData;
diff -Naur blender-2.68a-original/source/blender/blenkernel/intern/curve.c blender-2.68a/source/blender/blenkernel/intern/curve.c
--- blender-2.68a-original/source/blender/blenkernel/intern/curve.c 2022-04-05 15:00:57.073072875 -0400
+++ blender-2.68a/source/blender/blenkernel/intern/curve.c 2022-04-06 07:19:05.948576424 -0400
@@ -2320,7 +2320,8 @@
 /* check we are a single point? also check we are not a surface and that the orderu is sane,
 * enforced in the UI but can go wrong possibly */
 if (!BKE_nurb_check_valid_u(nu)) {
- bl = MEM_callocN(sizeof(BevList) + 1 * sizeof(BevPoint), "makeBevelList1");
+ bl = MEM_callocN(sizeof(BevList), "makeBevelList1");
+ bl->bevpoints = MEM_calloc_arrayN(1, sizeof(BevPoint), "makeBevelPoints1");
 BLI_addtail(&(cu->bev), bl);
 bl->nr = 0;
 bl->charidx = nu->charidx;
@@ -2333,7 +2334,8 @@
 if (nu->type == CU_POLY) {
 len = nu->pntsu;
- bl = MEM_callocN(sizeof(BevList) + len * sizeof(BevPoint), "makeBevelList2");
+ bl = MEM_callocN(sizeof(BevList), "makeBevelList2");
+ bl->bevpoints = MEM_calloc_arrayN(len, sizeof(BevPoint), "makeBevelPoints2");
 BLI_addtail(&(cu->bev), bl);
 bl->poly = (nu->flagu & CU_NURB_CYCLIC) ? 0 : -1;
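Review bot: The two new ParticleDrawData fields `totpart` and `partsize` are the only members in this hunk without a trailing comment, while the neighbouring `cdata`/`vedata` lines carry one, and their contract is what the rest of this patch relies on: drawobject.c sizes `vdata`/`cdata`/`ndata` as `MEM_calloc_arrayN(totpart + totchild, partsize, ...)` and frees the buffers when either value changes. Document that on the field: `int totpart, partsize; /* element count and per-element byte size of vdata/cdata/ndata; buffers are freed and rebuilt when either changes */`. The struct's opening lines are outside this hunk.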
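Review bot: With `bl` now allocated as a bare `sizeof(BevList)` and the points moved to a separate `bl->bevpoints` array, every reader that still locates the points as `(BevPoint *)(bl + 1)` reads past the end of a much smaller allocation, and every free of `cu->bev` that only releases the list nodes (e.g. a `BLI_freelistN(&(cu->bev))`) now leaks each `bevpoints` array; neither kind of site is touched anywhere in this patch, only the `blnew` replacement path in a later hunk frees `bl->bevpoints`. Unless an earlier patch in this series already converted them, grep the tree for `bl + 1` and for frees of `cu->bev` and convert them to `bl->bevpoints` plus an explicit `MEM_freeN(bl->bevpoints)` per node. Also, the `MEM_calloc_arrayN` result is stored unchecked here whereas the `blnew` path does check it; a consistent `if (bl->bevpoints == NULL)` bail-out would be better. The enclosing function starts and ends outside this hunk.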
@@ -2356,7 +2358,8 @@
 else if (nu->type == CU_BEZIER) {
 /* in case last point is not cyclic */
 len = resolu * (nu->pntsu + (nu->flagu & CU_NURB_CYCLIC) - 1) + 1;
- bl = MEM_callocN(sizeof(BevList) + len * sizeof(BevPoint), "makeBevelBPoints");
+ bl = MEM_callocN(sizeof(BevList), "makeBevelBPoints");
+ bl->bevpoints = MEM_calloc_arrayN(len, sizeof(BevPoint), "makeBevelBPointsPoints");
 BLI_addtail(&(cu->bev), bl);
 bl->poly = (nu->flagu & CU_NURB_CYCLIC) ? 0 : -1;
@@ -2442,7 +2445,8 @@
 if (nu->pntsv == 1) {
 len = (resolu * SEGMENTSU(nu));
- bl = MEM_callocN(sizeof(BevList) + len * sizeof(BevPoint), "makeBevelList3");
+ bl = MEM_callocN(sizeof(BevList), "makeBevelList3");
+ bl->bevpoints = MEM_calloc_arrayN(len, sizeof(BevPoint), "makeBevelPoints3");
 BLI_addtail(&(cu->bev), bl);
 bl->nr = len;
 bl->dupe_nr = 0;
@@ -2488,8 +2492,13 @@
 blnext = bl->next;
 if (bl->nr && bl->dupe_nr) {
 nr = bl->nr - bl->dupe_nr + 1; /* +1 because vectorbezier sets flag too */
- blnew = MEM_mallocN(sizeof(BevList) + nr * sizeof(BevPoint), "makeBevelList4");
+ blnew = MEM_callocN(sizeof(BevList), "makeBevelList4");
 memcpy(blnew, bl, sizeof(BevList));
+ blnew->bevpoints = MEM_calloc_arrayN(nr, sizeof(BevPoint), "makeBevelPoints4");
+ if (!blnew->bevpoints) {
+ MEM_freeN(blnew);
+ break;
+ }
 blnew->nr = 0;
 BLI_remlink(&(cu->bev), bl);
 BLI_insertlinkbefore(&(cu->bev), blnext, blnew); /* to make sure bevlijst is tuned with nurblist */
@@ -2504,6 +2513,9 @@
 }
 bevp0++;
 }
+ if (bl->bevpoints != NULL) {
+ MEM_freeN(bl->bevpoints);
+ }
 MEM_freeN(bl);
 blnew->dupe_nr = 0;
 }
diff -Naur blender-2.68a-original/source/blender/blenkernel/intern/font.c blender-2.68a/source/blender/blenkernel/intern/font.c
--- blender-2.68a-original/source/blender/blenkernel/intern/font.c 2022-04-05 15:00:57.075072899 -0400
+++ blender-2.68a/source/blender/blenkernel/intern/font.c 2022-04-06 07:31:49.844661451 -0400
@@ -33,6 +33,7 @@
 #include
 #include
 #include
+#include
 #include
 #include
 #include
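Review bot: `len = (resolu * SEGMENTSU(nu))` is still evaluated in `int` before it reaches `MEM_calloc_arrayN`, so the allocator's overflow check only sees an already-wrapped count; as far as I can tell `resolu` and `nu->pntsu` both originate from the .blend file, so a crafted file can make the product overflow (undefined behaviour for signed `int`, in practice a negative or small `len`) which is then stored in `bl->nr` and used to walk `bevpoints`. Validate the operands or compute the count in a wider type and reject it before allocating, e.g. `if (resolu <= 0 || SEGMENTSU(nu) > INT_MAX / resolu) { /* invalid curve data, skip */ }`. The CU_BEZIER hunk above has the same pattern in its `len` expression. The enclosing loop body starts and ends outside this hunk.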
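Review bot: `blnew = MEM_callocN(sizeof(BevList), "makeBevelList4")` is passed straight to `memcpy(blnew, bl, sizeof(BevList))` without a NULL check, while the `bevpoints` allocation two lines later is checked; a failed node allocation would now crash in `memcpy` where the new code goes to the trouble of bailing out for the array. Add `if (!blnew) break;` before the `memcpy`. On the `bevpoints` failure path `break` leaves `bl` with its duplicate points in the list and ends the merge loop silently, which is memory-safe but deserves a one-line comment such as `/* out of memory: keep the unmerged list rather than corrupt it */`. The enclosing loop begins before this hunk and its cleanup continues in the next one.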
@@ -516,7 +517,12 @@
 /* Create unicode string */
 utf8len = BLI_strlen_utf8(cu->str);
+ /* Protect against integer overflow vulnerability. */
+ CLAMP(utf8len, 0, INT_MAX - 4);
 mem = MEM_malloc_arrayN((utf8len + 1), sizeof(wchar_t), "convertedmem");
+ if (!mem) {
+ return NULL;
+ }
 BLI_strncpy_wchar_from_utf8(mem, cu->str, utf8len + 1);
@@ -530,6 +536,9 @@
 cu->strinfo = MEM_calloc_arrayN((slen + 4), sizeof(CharInfo), "strinfo compat");
 custrinfo = cu->strinfo;
+ if (!custrinfo) {
+ return NULL;
+ }
 if (cu->editfont) custrinfo = cu->editfont->textbufinfo;
diff -Naur blender-2.68a-original/source/blender/blenkernel/intern/particle.c blender-2.68a/source/blender/blenkernel/intern/particle.c
--- blender-2.68a-original/source/blender/blenkernel/intern/particle.c 2013-07-14 09:18:05.000000000 -0400
+++ blender-2.68a/source/blender/blenkernel/intern/particle.c 2022-04-06 07:19:05.949576436 -0400
@@ -523,7 +523,8 @@
 psys->pdd->vedata = NULL;
 psys->pdd->totpoint = 0;
- psys->pdd->tot_vec_size = 0;
+ psys->pdd->totpart = 0;
+ psys->pdd->partsize = 0;
 }
 }
 /* free everything */
diff -Naur blender-2.68a-original/source/blender/blenloader/intern/readfile.c blender-2.68a/source/blender/blenloader/intern/readfile.c
--- blender-2.68a-original/source/blender/blenloader/intern/readfile.c 2022-04-05 15:00:57.079072946 -0400
+++ blender-2.68a/source/blender/blenloader/intern/readfile.c 2022-04-06 07:22:07.774736681 -0400
@@ -3363,7 +3363,7 @@
 cu->adt= newdataadr(fd, cu->adt);
 direct_link_animdata(fd, cu->adt);
- + cu->mat = newdataadr(fd, cu->mat);
 test_pointer_array(fd, (void **)&cu->mat);
 cu->str = newdataadr(fd, cu->str);
@@ -3772,6 +3772,9 @@
 for (a = 0; a < MAX_MTEX; a++) {
 part->mtex[a] = newdataadr(fd, part->mtex[a]);
 }
+
+ /* Protect against integer overflow vulnerability. */
+ CLAMP(part->trail_count, 1, 100000);
 }
 static void lib_link_particlesystems(FileData *fd, Object *ob, ID *id, ListBase *particles)
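Review bot: The new `return NULL` after the `strinfo` allocation leaks `mem`, the wchar buffer allocated by `MEM_malloc_arrayN(... "convertedmem")` in the previous hunk, which by its line numbers sits in the same function a few lines earlier (the `if (!mem)` return there is fine because nothing has been allocated yet). Change it to `if (!custrinfo) { MEM_freeN(mem); return NULL; }`. Note the check runs after `cu->strinfo` has already been assigned NULL, so the Curve is left exactly as an unconverted old file would be, which looks intentional but is worth a short comment. The enclosing function starts and ends outside this hunk.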
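Review bot: `CLAMP(part->trail_count, 1, 100000)` uses a bare magic number and a comment that says only "integer overflow"; the value matters because drawobject.c in this same patch multiplies `partsize` by `trail_count` in `int`, so this ceiling is what keeps that product in range. Name it and say so, e.g. `#define PART_TRAIL_COUNT_MAX 100000` (or reuse the RNA range limit for this property if one is already defined; I believe the UI range is 1..100000) with `/* trail_count scales the per-particle draw buffer; bound it so partsize * trail_count cannot overflow an int */`. The clamp only covers values read from a file, so values set through RNA or Python are assumed to be bounded by the property range, which is not visible here. The enclosing function starts before this hunk.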
@@ -7050,12 +7053,7 @@
 oldnewmap_insert(fd->libmap, bhead->old, id, bhead->code); /* for ID_ID check */
 /* do after read_struct, for dna reconstruct */
- if (bhead->code == ID_ID) {
- lb = which_libbase(main, GS(id->name));
- }
- else {
- lb = which_libbase(main, bhead->code);
- }
+ lb = which_libbase(main, GS(id->name));
 BLI_addtail(lb, id);
diff -Naur blender-2.68a-original/source/blender/editors/space_view3d/drawobject.c blender-2.68a/source/blender/editors/space_view3d/drawobject.c
--- blender-2.68a-original/source/blender/editors/space_view3d/drawobject.c 2022-04-05 15:00:57.082072982 -0400
+++ blender-2.68a/source/blender/editors/space_view3d/drawobject.c 2022-04-06 07:19:05.952576472 -0400
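Review bot: `lb = which_libbase(main, GS(id->name))` now derives the target list from the two-character code in the ID name read from the file for every block, not only ID_ID blocks, and `BLI_addtail(lb, id)` on the next line dereferences the result; as far as I recall `which_libbase` returns NULL for a code it does not recognise in this version, so a crafted name turns the former trusted `bhead->code` lookup into a NULL dereference while loading. Guard it with `if (lb == NULL) { /* unknown ID type in file: skip this block */ ... }`, keeping in mind that `oldnewmap_insert` on the visible line above has already registered `id` in `fd->libmap`, so the skip path must either remove that entry or leave `id` allocated rather than free it. Alternatively validate `GS(id->name)` against `bhead->code` and reject mismatches outright. The enclosing function starts and ends outside this hunk.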
@@ -4488,46 +4488,46 @@
 /* 4. */
 if (draw_as && ELEM(draw_as, PART_DRAW_PATH, PART_DRAW_CIRC) == 0) {
- int tot_vec_size = (totpart + totchild) * 3 * sizeof(float);
+ int partsize = 3 * sizeof(float);
 int create_ndata = 0;
 if (!pdd) pdd = psys->pdd = MEM_callocN(sizeof(ParticleDrawData), "ParticlDrawData");
 if (part->draw_as == PART_DRAW_REND && part->trail_count > 1) {
- tot_vec_size *= part->trail_count;
+ partsize *= part->trail_count;
 psys_make_temp_pointcache(ob, psys);
 }
 switch (draw_as) {
 case PART_DRAW_AXIS: case PART_DRAW_CROSS:
- tot_vec_size *= 6;
+ partsize *= 6;
 if (draw_as != PART_DRAW_CROSS) create_cdata = 1;
 break;
 case PART_DRAW_LINE:
- tot_vec_size *= 2;
+ partsize *= 2;
 break;
 case PART_DRAW_BB:
- tot_vec_size *= 4;
+ partsize *= 4;
 create_ndata = 1;
 break;
 }
- if (pdd->tot_vec_size != tot_vec_size)
+ if (pdd->totpart != totpart + totchild || pdd->partsize != partsize) psys_free_pdd(psys);
 if (!pdd->vdata)
- pdd->vdata = MEM_callocN(tot_vec_size, "particle_vdata");
+ pdd->vdata = MEM_calloc_arrayN(totpart + totchild, partsize, "particle_vdata");
 if (create_cdata && !pdd->cdata)
- pdd->cdata = MEM_callocN(tot_vec_size, "particle_cdata");
+ pdd->cdata = MEM_calloc_arrayN(totpart + totchild, partsize, "particle_cdata");
 if (create_ndata && !pdd->ndata)
- pdd->ndata = MEM_callocN(tot_vec_size, "particle_ndata");
+ pdd->ndata = MEM_calloc_arrayN(totpart + totchild, partsize, "particle_ndata");
 if (part->draw & PART_DRAW_VEL && draw_as != PART_DRAW_LINE) {
 if (!pdd->vedata)
- pdd->vedata = MEM_callocN(2 * (totpart + totchild) * 3 * sizeof(float), "particle_vedata");
+ pdd->vedata = MEM_calloc_arrayN(totpart + totchild, 2 * 3 * sizeof(float), "particle_vedata");
 need_v = 1;
 }
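Review bot: None of the four `MEM_calloc_arrayN` results (`vdata`, `cdata`, `ndata`, `vedata`) is checked, yet the next hunk copies them into `pdd->vd`/`pdd->cd`/`pdd->nd`/`pdd->ved` and the drawing code writes through those; if the helper returns NULL on a `count * size` overflow or on OOM (its contract is not visible in this patch), the overflow this change is meant to close becomes a NULL-pointer write instead of a heap overflow. After the allocations add a check along the lines of `if (!pdd->vdata || (create_cdata && !pdd->cdata) || (create_ndata && !pdd->ndata) || (need_v && !pdd->vedata)) { psys_free_pdd(psys); return; }`, using whatever early-exit path the function already has. Also, `partsize` is an `int` and `3 * sizeof(float) * trail_count * 6` stays in range only because `trail_count` is capped at 100000 on file load elsewhere in this patch; that dependency deserves a comment on `int partsize = 3 * sizeof(float);`. The enclosing function starts and ends outside this hunk.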
@@ -4541,7 +4541,8 @@
 pdd->ved = pdd->vedata;
 pdd->cd = pdd->cdata;
 pdd->nd = pdd->ndata;
- pdd->tot_vec_size = tot_vec_size;
+ pdd->totpart = totpart + totchild;
+ pdd->partsize = partsize;
 } else if (psys->pdd) {
 psys_free_pdd(psys);
diff -Naur blender-2.68a-original/source/blender/makesdna/DNA_curve_types.h blender-2.68a/source/blender/makesdna/DNA_curve_types.h
--- blender-2.68a-original/source/blender/makesdna/DNA_curve_types.h 2013-07-17 10:05:50.000000000 -0400
+++ blender-2.68a/source/blender/makesdna/DNA_curve_types.h 2022-04-06 07:19:05.955576507 -0400
@@ -71,16 +71,6 @@
 /* These two Lines with # tell makesdna this struct can be excluded. */
 #
 #
-typedef struct BevList {
- struct BevList *next, *prev;
- int nr, dupe_nr;
- int poly, hole;
- int charidx;
-} BevList;
-
-/* These two Lines with # tell makesdna this struct can be excluded. */
-#
-#
 typedef struct BevPoint {
 float vec[3], alfa, radius, weight;
 float sina, cosa; /* 2D Only */
@@ -88,6 +78,17 @@
 short split_tag, dupe_tag;
 } BevPoint;
+/* These two Lines with # tell makesdna this struct can be excluded. */
+#
+#
+typedef struct BevList {
+ struct BevList *next, *prev;
+ int nr, dupe_nr;
+ int poly, hole;
+ int charidx;
+ BevPoint *bevpoints;
+} BevList;
+
 /**
 * Keyframes on F-Curves (allows code reuse of Bezier eval code) and
 * Points on Bezier Curves/Paths are generally BezTriples
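Review bot: `BevPoint *bevpoints;` is added without a comment, and its ownership is the whole point of this patch: curve.c now allocates it separately with `MEM_calloc_arrayN` and releases it with `MEM_freeN(bl->bevpoints)` before freeing the node, so anyone freeing a BevList elsewhere needs to know it is no longer a single block. Document that on the field: `BevPoint *bevpoints; /* nr entries, allocated separately; free with MEM_freeN before freeing the list node */`. The `#`/`#` makesdna exclusion markers kept above the struct presumably mean this pointer does not affect the on-disk DNA, which is worth stating as the reason the relocated struct is file-compatible.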