diff --git a/src/openvpn/buffer.c b/src/openvpn/buffer.c
index 293622f9..40baca6f 100644
--- a/src/openvpn/buffer.c
+++ b/src/openvpn/buffer.c
@@ -39,7 +39,7 @@
 size_t
 array_mult_safe(const size_t m1, const size_t m2, const size_t extra)
 {
-    const size_t limit = 0xFFFFFFFF;
+    const size_t limit = ALLOC_SIZE_MAX;
     unsigned long long res =
         (unsigned long long)m1 * (unsigned long long)m2 + (unsigned long long)extra;
     if (unlikely(m1 > limit) || unlikely(m2 > limit) || unlikely(extra > limit)
diff --git a/src/openvpn/buffer.h b/src/openvpn/buffer.h
index ab2a29dc..1dbe0b2b 100644
--- a/src/openvpn/buffer.h
+++ b/src/openvpn/buffer.h
@@ -1044,6 +1044,18 @@ gc_reset(struct gc_arena *a)
  * Allocate memory to hold a structure
  */
 
+/* When allocating arrays make sure we do not use a excessive amount
+ * of memory.
+ */
+#if UINTPTR_MAX <= UINT32_MAX
+/* 1 GB on 32bit systems, they usually can only allocate 2 GB for the
+ * whole process.
+ */
+#define ALLOC_SIZE_MAX (1u << 30)
+#else
+#define ALLOC_SIZE_MAX ((size_t)1 << 32) /* 4 GB */
+#endif
+
 #define ALLOC_OBJ(dptr, type)                                       \
     {                                                               \
         check_malloc_return((dptr) = (type *)malloc(sizeof(type))); \