On 12/30/2021 4:37 PM, sarn wrote: > Good thing to do, but Walter's talking about integer overflow with the `len * > T.sizeof` calculation itself. > > calloc() doesn't have this problem. The calculation of `len` can also have overflow problems. `calloc` is not sufficient. The provenance of `len` needs to be carefully checked.