Comment by saagarjha

> Unsigned sizes are another historically common source of defects, and offer no practical advantages in return. Case in point exercise for the reader: Change each ptrdiff_t to size_t in alloc, find the defect that results, then fix it.

I know that it’s a different “kind” of defect, but none of the code has overflow checks even with ptrdiff_t…