    Make integer overflow less likely to happen (#7762) · 36b042fb
    Simon Marlow authored
    The particular problematic code in #7762 was this:
    
                nat newSize = size - n;
                char *freeAddr = MBLOCK_ROUND_DOWN(bd->start);
                freeAddr += newSize * MBLOCK_SIZE;
                            ^^^^^^^^^^^^^^^^^^^^^^  OVERFLOW!!!
    
    For good measure, I'm going to fix the bug twice.  This patch fixes
    the class of bugs of this kind, by making sure that any expressions
    involving BLOCK_SIZE or MBLOCK_SIZE are promoted to unsigned long.  In
    a separate patch, I'll fix a bunch of individual instances (including
    the one above).
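
The wrap-around described in the commit message, as an added example that is not part of the commit or the project's source. It assumes `nat` is a 32-bit unsigned type, a 1 MiB `MBLOCK_SIZE`, and an LP64 platform where `unsigned long` is 64 bits; the `_NARROW`/`_WIDE` macros and the function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

typedef uint32_t nat;  /* assumption: nat is a 32-bit unsigned count */

/* Assumed 1 MiB megablock; the page does not give the real value. */
#define MBLOCK_SHIFT       20
#define MBLOCK_SIZE_NARROW (1 << MBLOCK_SHIFT)    /* type int, as before the fix */
#define MBLOCK_SIZE_WIDE   (1UL << MBLOCK_SHIFT)  /* promoted to unsigned long */

/* nat * int is evaluated in 32-bit unsigned arithmetic, so the product
   wraps mod 2^32 before it is widened for the pointer addition. */
static unsigned long offset_narrow(nat newSize)
{
    return newSize * MBLOCK_SIZE_NARROW;
}

/* With an unsigned long constant the multiplication itself is done in
   unsigned long. On LLP64 targets unsigned long is still 32 bits, so
   this only helps where unsigned long is as wide as a pointer. */
static unsigned long offset_wide(nat newSize)
{
    return newSize * MBLOCK_SIZE_WIDE;
}

/* Smallest count whose narrow product no longer fits in 32 bits. */
static nat first_wrapping_count(void)
{
    return (nat)(UINT32_MAX / MBLOCK_SIZE_NARROW) + 1;
}

int main(void)
{
    nat counts[] = { 4095, 4096, 5000 };  /* constructed sample sizes */

    printf("first wrapping count: %u\n", (unsigned)first_wrapping_count());
    for (size_t i = 0; i < sizeof counts / sizeof counts[0]; i++)
        printf("newSize=%u narrow=%lu wide=%lu\n", (unsigned)counts[i],
               offset_narrow(counts[i]), offset_wide(counts[i]));
    return 0;
}
```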