...
In this compliant solution, the integer values passed as size arguments to memory allocation functions are of the correct size and have not been altered due to integer overflow or truncation. (See rules INT32-C. Ensure that operations on non-atomic signed integers do not result in overflow and INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data.)
...
This example also checks for unsigned integer overflow in compliance with rule INT32-C. Ensure that operations on non-atomic signed integers do not result in overflow.
...