It is correct to do the checks; some would say pedantic. Some thoughts:
#include <stdint.h>
...
// MAX_CHAIN > SIZE_MAX/sizeof(char*)
MAX_CHAIN > (SIZE_MAX - sizeof(char*) + 1)/sizeof(char*)
// This deals with SIZE_MAX/sizeof(char*) rounding toward 0
A return value of NULL is valid if the memory allocation size is 0.
Watch for attempted negative memory allocation requests, as many requests are formed with int (signed) even though the request takes size_t (unsigned).
Memory allocation is limited to SIZE_MAX, as typical systems cannot allocate (size_t)-1 or anywhere near that. Look at the C standard definition of RSIZE_MAX, which is closely related to your concerns.
C11dr §K.3.4 3:
Extremely large object sizes are frequently a sign that an object’s size was calculated incorrectly. For example, negative numbers appear as very large positive numbers when converted to an unsigned type like size_t. Also, some implementations do not support objects as large as the maximum value that can be represented by type size_t.
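As an added illustration of the checks discussed in this answer (example code, not the answerer's): a size-validation helper that combines the multiplication-overflow test, the negative-int guard, the RSIZE_MAX bound and the zero-size/NULL distinction. It assumes RSIZE_MAX may be undefined on the target libc and falls back to the SIZE_MAX >> 1 value Annex K recommends; the function names are hypothetical.

```c
#include <stdint.h>
#include <stdlib.h>
#include <stdbool.h>

/* Assumption: most libcs do not ship Annex K, so RSIZE_MAX is usually
   undefined. Fall back to the value Annex K itself recommends. */
#ifndef RSIZE_MAX
#define RSIZE_MAX (SIZE_MAX >> 1)
#endif

/* Validate max_chain * elem_size without allocating. Returns true and stores
   the byte count in *bytes_out, or false if the product wraps or is
   "extremely large" in the K.3.4 sense (above RSIZE_MAX). */
bool chain_bytes(size_t max_chain, size_t elem_size, size_t *bytes_out)
{
    /* max_chain * elem_size wraps iff max_chain > SIZE_MAX / elem_size. */
    if (elem_size != 0 && max_chain > SIZE_MAX / elem_size)
        return false;
    size_t bytes = max_chain * elem_size;
    /* Products that fit in size_t but exceed RSIZE_MAX are almost always a
       miscalculated size (e.g. a negative number converted to size_t). */
    if (bytes > RSIZE_MAX)
        return false;
    *bytes_out = bytes;
    return true;
}

/* Many callers hold the count as int. A negative value would silently become
   a huge size_t, so reject it before the conversion happens. */
bool chain_bytes_from_int(int max_chain, size_t elem_size, size_t *bytes_out)
{
    if (max_chain < 0)
        return false;
    return chain_bytes((size_t)max_chain, elem_size, bytes_out);
}

/* Allocate a chain of char*. *ok separates "bad size / malloc failed" from
   "zero-size request": for size 0, NULL is a valid, non-error result. */
char **alloc_chain(int max_chain, bool *ok)
{
    size_t bytes;
    if (!chain_bytes_from_int(max_chain, sizeof(char *), &bytes)) {
        *ok = false;
        return NULL;
    }
    if (bytes == 0) {   /* nothing to allocate; NULL is the legitimate answer */
        *ok = true;
        return NULL;
    }
    char **p = malloc(bytes);
    *ok = (p != NULL);
    return p;
}
```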