> 1. I don't see much reason to mention calloc() as an alternative to
> reallocarray() when it's the worse option.

calloc() still remains the portable option. Something should probably still be mentioned here, otherwise people fall back to unchecked malloc -- no matter what is stated further below regarding overflow checks.

> 2. Use size > 0 when testing overflow.

That feels wrong. The size variables in some code contexts may mistakenly be signed, yet assigned an unsigned value from a caller. You are trying to fight a losing battle with undefined behaviour handling in modern compilers, and programmers who don't have time to use static analysis tools. In case size is signed, it would be better to FAIL the overflow check as happens currently, rather than multiply a negative number, end up with a result, malloc, and then screw things up.
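
Added example, not part of the original message and not the project's code: a portable checked allocation for platforms without reallocarray(), showing how a negative size that reaches an unsigned overflow check fails it, while a guard on the signed value lets a wrapped product through. All function names are hypothetical, the inputs are constructed, and `signed_guard_flags` is a constructed contrast case rather than the wording proposed in the quoted item 2.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helper: nonzero if num * size cannot be represented in size_t. */
static int mul_overflows(size_t num, size_t size)
{
    return size != 0 && num > SIZE_MAX / size;
}

/* Hypothetical portable allocator for platforms without reallocarray(). */
static void *checked_alloc(size_t num, size_t size)
{
    if (mul_overflows(num, size)) {
        errno = ENOMEM;
        return NULL;
    }
    return malloc(num * size);
}

/* Caller bug discussed in the reply: the element size is held in a signed int.
 * Converting to size_t turns a negative value into a huge one, so the check
 * fails the request. */
static void *alloc_records(size_t count, int record_size)
{
    return checked_alloc(count, (size_t)record_size);
}

/* Constructed contrast: a guard that tests the signed value with "> 0"
 * skips the division for negative sizes and reports no overflow. */
static int signed_guard_flags(size_t num, int size)
{
    return size > 0 && num > SIZE_MAX / (size_t)size;
}

int main(void)
{
    size_t num = (size_t)-2;   /* constructed input: -2 stored in an unsigned */
    int size = -8;             /* constructed input: negative element size */
    printf("wrapped product: %zu\n", num * (size_t)size);
    printf("unsigned check flags it: %d\n", mul_overflows(num, (size_t)size));
    printf("signed > 0 guard flags it: %d\n", signed_guard_flags(num, size));
    printf("alloc_records(4, -8): %p\n", alloc_records(4, -8));
    return 0;
}
```

The product of the two converted negatives wraps to 16, which is the small, plausible-looking allocation size that an unchecked or skipped test would pass to malloc().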