There are several points in the codebase that use (bson_)malloc(sizeof(T) * N) to allocate arrays of objects. The multiplication should not be done inline and unchecked: a large value of N overflows size_t, and the wrapped product results in either an allocation failure or a bogus (too-small) allocation size. Also, N = 0 can cause issues, since the result of malloc(0) is undefined/unspecified.
Proposal: A new function-like macro for allocating arrays, e.g. bson_allocate_array(T, N) that allocates aligned zero-filled storage for N objects of type T and also handles N = 0 properly.
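The shape such a checked array allocator could take, as an added example (not the mongo-c-driver implementation; the names checked_mul_size and example_allocate_array are assumptions). It shows the wrap-around of the naive sizeof(T) * N pattern next to an allocator that rejects overflow and gives N = 0 a well-defined result:

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>

/* The pattern the issue describes: an unchecked size_t product.
 * Unsigned wrap-around is well defined, so for a large n this
 * silently yields a tiny (even zero) allocation size. */
static size_t naive_size_doubles(size_t n) {
    return sizeof(double) * n;
}

/* Store count * size in *out and return true, or return false if the
 * product would not fit in size_t. The size != 0 guard avoids a
 * division by zero for zero-sized types. */
static bool checked_mul_size(size_t count, size_t size, size_t *out) {
    if (size != 0 && count > SIZE_MAX / size) {
        return false;
    }
    *out = count * size;
    return true;
}

/* Zero-filled storage for `count` objects of `size` bytes.
 *  - Returns NULL when count * size overflows, instead of allocating a
 *    wrapped size that later writes would overrun.
 *  - For count == 0 allocates one byte, so the caller never sees the
 *    implementation-defined malloc(0) result and can free() uniformly.
 * calloc() returns storage aligned for any fundamental type. */
static void *example_allocate_array_impl(size_t count, size_t size) {
    size_t total;
    if (!checked_mul_size(count, size, &total)) {
        return NULL;
    }
    if (total == 0) {
        total = 1;
    }
    return calloc(1, total);
}

/* Function-like macro in the spirit of the proposed bson_allocate_array(T, N). */
#define example_allocate_array(T, N) \
    ((T *) example_allocate_array_impl((size_t) (N), sizeof(T)))

/* Would a request for n doubles be rejected by the checked path? */
static bool would_overflow_doubles(size_t n) {
    size_t total;
    return !checked_mul_size(n, sizeof(double), &total);
}
```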
- related to: CDRIVER-5893 Add Checked Integer Arithmetic Functions (Closed)