Fix integer overflow in boundary checking

This commit prevents arithmetic underflow in the size validation check
that could bypass TLSF_MAX_SIZE limits. When align + sizeof(tlsf_block_t)
exceeds TLSF_MAX_SIZE, the original expression would underflow and
incorrectly pass the size check, potentially allowing oversized
allocations.

Author: jserv

tlsf.c

@@ -498,8 +498,8 @@ void *tlsf_aalloc(tlsf_t *t, size_t align, size_t size)
     if (UNLIKELY(
             !size ||
             ((align | size) & (align - 1)) /* align!=2**x, size!=n*align */ ||
-            adjust > TLSF_MAX_SIZE - align -
-                         sizeof(tlsf_block_t) /* size is too large */))
+            align > TLSF_MAX_SIZE || sizeof(tlsf_block_t) > TLSF_MAX_SIZE ||
+            adjust > TLSF_MAX_SIZE - align - sizeof(tlsf_block_t) /* size is too large */))
         return NULL;
 
     if (align <= ALIGN_SIZE)