Avi Kivity wrote:
> A NEW(type) and ARRAY_NEW(type, count) macros would improve type safety
> and plug a dormant buffer overflow due to multiplication overflow, yes.
> Even qemu_calloc() would be an improvement.
In my code I regularly use type_alloc(type) and type_free(type, ptr), giving type safety at both ends (and the possibility to optimise allocations, but that's separate).

If you have ARRAY_NEW(type, count) which permits count to be zero and returns a non-NULL result, I wonder, why is it ok to convert zero count to a guaranteed non-NULL unique result, but not do that for sizeof(type) (or just size)?

-- Jamie
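The following is an added C example, not code from this thread or from qemu, sketching what the checked NEW/ARRAY_NEW macros under discussion could look like. It shows the dormant overflow (count * sizeof(type) wrapping to a tiny allocation), the check that refuses it, and one answer to the zero-size question: the hypothetical checked_malloc wrapper rounds a zero-byte request up to one byte for both the scalar and the array form, so both always return a unique non-NULL pointer. The wrapper names and the abort-on-OOM policy are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Unchecked size computation: this is the dormant overflow. count * elem_size
 * wraps modulo SIZE_MAX + 1, so a huge count can yield a tiny allocation that
 * later code then indexes as if it held count elements. */
static size_t naive_array_bytes(size_t count, size_t elem_size)
{
    return count * elem_size;
}

/* Returns 1 if count * elem_size cannot be represented in size_t. */
static int array_bytes_overflow(size_t count, size_t elem_size)
{
    return elem_size != 0 && count > SIZE_MAX / elem_size;
}

/* Hypothetical wrapper (assumption for this example): a zero-byte request is
 * rounded up to one byte so the result is always a unique non-NULL pointer,
 * and allocation failure aborts instead of returning NULL. */
static void *checked_malloc(size_t size)
{
    void *p = malloc(size ? size : 1);
    if (p == NULL) {
        abort(); /* out of memory: fail loudly rather than hand back NULL */
    }
    return p;
}

/* Overflow-checked array allocation: returns NULL when the byte count would
 * wrap, rather than returning an under-sized buffer. */
static void *checked_array_malloc(size_t count, size_t elem_size)
{
    if (array_bytes_overflow(count, elem_size)) {
        return NULL;
    }
    return checked_malloc(count * elem_size);
}

/* Type-safe front ends: the cast gives the result the requested pointer type,
 * so assigning it to a pointer of another type is an incompatible-pointer
 * warning with -Wall instead of a silent void* conversion. */
#define NEW(type)              ((type *)checked_malloc(sizeof(type)))
#define ARRAY_NEW(type, count) ((type *)checked_array_malloc((count), sizeof(type)))

/* Demonstrates the zero-count case: a non-NULL pointer comes back. */
static int zero_count_is_non_null(void)
{
    int *empty = ARRAY_NEW(int, 0);
    int ok = (empty != NULL);
    free(empty);
    return ok;
}

int main(void)
{
    size_t huge = SIZE_MAX / 2 + 2;   /* constructed: huge * 2 wraps to 2 */

    printf("naive bytes for %zu x 2: %zu\n", huge, naive_array_bytes(huge, 2));
    printf("checked alloc refused: %s\n",
           checked_array_malloc(huge, 2) == NULL ? "yes" : "no");
    printf("zero-length array non-NULL: %s\n",
           zero_count_is_non_null() ? "yes" : "no");

    int *ten = ARRAY_NEW(int, 10);
    free(ten);
    return 0;
}
```

Treating both the scalar and array forms identically for size zero is the design choice that resolves the asymmetry Jamie asks about; a project that wants zero-length arrays to be distinguishable from one-element ones would instead keep the rounding in the array path only and document it.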