> s = (ptimer_state *)qemu_mallocz(sizeof(ptimer_state)); > + if (!s) > + return NULL;
None of the callers bother to check the return value, And even if they did I don't think there's any point trying to gracefully handle OOM. Just abort and be done with it. I suggest guaranteeing that qemu_malloc will never return NULL, and removing the null checks from all the various users. Paul