Jeff King <peff@xxxxxxxx> writes: > On Mon, Nov 13, 2023 at 04:22:48PM +0000, Arthur Chan via GitGitGadget wrote: > >> + str = (char *)malloc(size + 1); >> + if (!str) >> + return 0; >> + memcpy(str, data, size); >> + str[size] = '\0'; > > Is it important that we avoid calling die() if the malloc fails here? > > The usual way to write this in our code base is just: > > str = xmemdupz(data, size); > > It's not entirely a style thing; we sometimes audit the code base > looking for computations on malloc sizes (for integer overflows) as well > as sites that should be using xmalloc and are not. Obviously we can > exclude oss-fuzz/ from such audits, but if there's no reason not to > prefer our usual style, it's one less thing to worry about. Good point. Thanks.