[5/5] coccinelle: prefer glib g_new/g_renew macros

diff --git a/hw/lm32/lm32_hwsetup.h b/hw/lm32/lm32_hwsetup.h
index a01f6bc5df..38ade3db0e 100644
--- a/hw/lm32/lm32_hwsetup.h
+++ b/hw/lm32/lm32_hwsetup.h
@@ -58,7 +58,7 @@  static inline HWSetup *hwsetup_init(void)
 {
     HWSetup *hw;
 
-    hw = g_malloc(sizeof(HWSetup));
+    hw = g_new(HWSetup, 1);
     hw->data = g_malloc0(TARGET_PAGE_SIZE);
     hw->ptr = hw->data;
 
diff --git a/include/hw/elf_ops.h b/include/hw/elf_ops.h
index a172a6068a..edfd70c335 100644
--- a/include/hw/elf_ops.h
+++ b/include/hw/elf_ops.h
@@ -154,7 +154,7 @@  static int glue(load_symbols, SZ)(struct elfhdr *ehdr, int fd, int must_swab,
         }
         i++;
     }
-    syms = g_realloc(syms, nsyms * sizeof(*syms));
+    syms = g_renew(typeof(*syms), syms, nsyms);
 
     qsort(syms, nsyms, sizeof(*syms), glue(symcmp, SZ));
     for (i = 0; i < nsyms - 1; i++) {
diff --git a/include/qemu/timer.h b/include/qemu/timer.h
index 8a1eb74839..767a277040 100644
--- a/include/qemu/timer.h
+++ b/include/qemu/timer.h
@@ -518,7 +518,7 @@  static inline QEMUTimer *timer_new_tl(QEMUTimerList *timer_list,
                                       QEMUTimerCB *cb,
                                       void *opaque)
 {
-    QEMUTimer *ts = g_malloc0(sizeof(QEMUTimer));
+    QEMUTimer *ts = g_new0(QEMUTimer, 1);
     timer_init_tl(ts, timer_list, scale, cb, opaque);
     return ts;
 }
diff --git a/audio/alsaaudio.c b/audio/alsaaudio.c
index 3652a7b5fa..1a129c79e3 100644
--- a/audio/alsaaudio.c
+++ b/audio/alsaaudio.c
@@ -1126,7 +1126,7 @@  static ALSAConf glob_conf = {
 
 static void *alsa_audio_init (void)
 {
-    ALSAConf *conf = g_malloc(sizeof(ALSAConf));
+    ALSAConf *conf = g_new(ALSAConf, 1);
     *conf = glob_conf;
     return conf;
 }
diff --git a/audio/coreaudio.c b/audio/coreaudio.c
index c75142084f..651b390b5e 100644
--- a/audio/coreaudio.c
+++ b/audio/coreaudio.c
@@ -687,7 +687,7 @@  static CoreaudioConf glob_conf = {
 
 static void *coreaudio_audio_init (void)
 {
-    CoreaudioConf *conf = g_malloc(sizeof(CoreaudioConf));
+    CoreaudioConf *conf = g_new(CoreaudioConf, 1);
     *conf = glob_conf;
 
     return conf;
diff --git a/audio/dsoundaudio.c b/audio/dsoundaudio.c
index 516846eb80..0492d9075e 100644
--- a/audio/dsoundaudio.c
+++ b/audio/dsoundaudio.c
@@ -787,7 +787,7 @@  static void *dsound_audio_init (void)
 {
     int err;
     HRESULT hr;
-    dsound *s = g_malloc0(sizeof(dsound));
+    dsound *s = g_new0(dsound, 1);
 
     s->conf = glob_conf;
     hr = CoInitialize (NULL);
diff --git a/audio/ossaudio.c b/audio/ossaudio.c
index 0edd7ea5fe..50d772011c 100644
--- a/audio/ossaudio.c
+++ b/audio/ossaudio.c
@@ -846,7 +846,7 @@  static OSSConf glob_conf = {
 
 static void *oss_audio_init (void)
 {
-    OSSConf *conf = g_malloc(sizeof(OSSConf));
+    OSSConf *conf = g_new(OSSConf, 1);
     *conf = glob_conf;
 
     if (access(conf->devpath_in, R_OK | W_OK) < 0 ||
diff --git a/audio/paaudio.c b/audio/paaudio.c
index 65beb6f010..fc32960c25 100644
--- a/audio/paaudio.c
+++ b/audio/paaudio.c
@@ -814,7 +814,7 @@  static PAConf glob_conf = {
 
 static void *qpa_audio_init (void)
 {
-    paaudio *g = g_malloc(sizeof(paaudio));
+    paaudio *g = g_new(paaudio, 1);
     g->conf = glob_conf;
     g->mainloop = NULL;
     g->context = NULL;
diff --git a/audio/wavaudio.c b/audio/wavaudio.c
index 341eec3121..f90a02610f 100644
--- a/audio/wavaudio.c
+++ b/audio/wavaudio.c
@@ -231,7 +231,7 @@  static WAVConf glob_conf = {
 
 static void *wav_audio_init (void)
 {
-    WAVConf *conf = g_malloc(sizeof(WAVConf));
+    WAVConf *conf = g_new(WAVConf, 1);
     *conf = glob_conf;
     return conf;
 }
diff --git a/backends/cryptodev.c b/backends/cryptodev.c
index 832f056266..ecadf61781 100644
--- a/backends/cryptodev.c
+++ b/backends/cryptodev.c
@@ -42,7 +42,7 @@  cryptodev_backend_new_client(const char *model,
 {
     CryptoDevBackendClient *cc;
 
-    cc = g_malloc0(sizeof(CryptoDevBackendClient));
+    cc = g_new0(CryptoDevBackendClient, 1);
     cc->model = g_strdup(model);
     if (name) {
         cc->name = g_strdup(name);
diff --git a/bootdevice.c b/bootdevice.c
index 33e3029e40..4000e7a772 100644
--- a/bootdevice.c
+++ b/bootdevice.c
@@ -165,7 +165,7 @@  void add_boot_device_path(int32_t bootindex, DeviceState *dev,
 
     del_boot_device_path(dev, suffix);
 
-    node = g_malloc0(sizeof(FWBootEntry));
+    node = g_new0(FWBootEntry, 1);
     node->bootindex = bootindex;
     node->suffix = g_strdup(suffix);
     node->dev = dev;
diff --git a/bsd-user/syscall.c b/bsd-user/syscall.c
index 66492aaf5d..a8f4b88991 100644
--- a/bsd-user/syscall.c
+++ b/bsd-user/syscall.c
@@ -227,7 +227,7 @@  static abi_long do_freebsd_sysctl(abi_ulong namep, int32_t namelen, abi_ulong ol
     void *hnamep, *holdp, *hnewp = NULL;
     size_t holdlen;
     abi_ulong oldlen = 0;
-    int32_t *snamep = g_malloc(sizeof(int32_t) * namelen), *p, *q, i;
+    int32_t *snamep = g_new(int32_t, namelen), *p, *q, i;
     uint32_t kind = 0;
 
     if (oldlenp)
diff --git a/bt-host.c b/bt-host.c
index 2f8f631c25..ad9e45ea43 100644
--- a/bt-host.c
+++ b/bt-host.c
@@ -177,7 +177,7 @@  struct HCIInfo *bt_host_hci(const char *id)
     }
 # endif
 
-    s = g_malloc0(sizeof(struct bt_host_hci_s));
+    s = g_new0(struct bt_host_hci_s, 1);
     s->fd = fd;
     s->hci.cmd_send = bt_host_cmd;
     s->hci.sco_send = bt_host_sco;
diff --git a/bt-vhci.c b/bt-vhci.c
index 9d277c32bf..a885e2b8b9 100644
--- a/bt-vhci.c
+++ b/bt-vhci.c
@@ -157,7 +157,7 @@  void bt_vhci_init(struct HCIInfo *info)
         exit(-1);
     }
 
-    s = g_malloc0(sizeof(struct bt_vhci_s));
+    s = g_new0(struct bt_vhci_s, 1);
     s->fd = fd;
     s->info = info ?: qemu_next_hci();
     s->info->opaque = s;
diff --git a/cpus-common.c b/cpus-common.c
index 59f751ecf9..e613cc33ef 100644
--- a/cpus-common.c
+++ b/cpus-common.c
@@ -158,7 +158,7 @@  void async_run_on_cpu(CPUState *cpu, run_on_cpu_func func, run_on_cpu_data data)
 {
     struct qemu_work_item *wi;
 
-    wi = g_malloc0(sizeof(struct qemu_work_item));
+    wi = g_new0(struct qemu_work_item, 1);
     wi->func = func;
     wi->data = data;
     wi->free = true;
@@ -301,7 +301,7 @@  void async_safe_run_on_cpu(CPUState *cpu, run_on_cpu_func func,
 {
     struct qemu_work_item *wi;
 
-    wi = g_malloc0(sizeof(struct qemu_work_item));
+    wi = g_new0(struct qemu_work_item, 1);
     wi->func = func;
     wi->data = data;
     wi->free = true;
diff --git a/cpus.c b/cpus.c
index 516e5cbac1..c575de50e4 100644
--- a/cpus.c
+++ b/cpus.c
@@ -1657,8 +1657,8 @@  static void qemu_tcg_init_vcpu(CPUState *cpu)
     static QemuThread *single_tcg_cpu_thread;
 
     if (qemu_tcg_mttcg_enabled() || !single_tcg_cpu_thread) {
-        cpu->thread = g_malloc0(sizeof(QemuThread));
-        cpu->halt_cond = g_malloc0(sizeof(QemuCond));
+        cpu->thread = g_new0(QemuThread, 1);
+        cpu->halt_cond = g_new0(QemuCond, 1);
         qemu_cond_init(cpu->halt_cond);
 
         if (qemu_tcg_mttcg_enabled()) {
@@ -1697,8 +1697,8 @@  static void qemu_hax_start_vcpu(CPUState *cpu)
 {
     char thread_name[VCPU_THREAD_NAME_SIZE];
 
-    cpu->thread = g_malloc0(sizeof(QemuThread));
-    cpu->halt_cond = g_malloc0(sizeof(QemuCond));
+    cpu->thread = g_new0(QemuThread, 1);
+    cpu->halt_cond = g_new0(QemuCond, 1);
     qemu_cond_init(cpu->halt_cond);
 
     snprintf(thread_name, VCPU_THREAD_NAME_SIZE, "CPU %d/HAX",
@@ -1717,8 +1717,8 @@  static void qemu_kvm_start_vcpu(CPUState *cpu)
 {
     char thread_name[VCPU_THREAD_NAME_SIZE];
 
-    cpu->thread = g_malloc0(sizeof(QemuThread));
-    cpu->halt_cond = g_malloc0(sizeof(QemuCond));
+    cpu->thread = g_new0(QemuThread, 1);
+    cpu->halt_cond = g_new0(QemuCond, 1);
     qemu_cond_init(cpu->halt_cond);
     snprintf(thread_name, VCPU_THREAD_NAME_SIZE, "CPU %d/KVM",
              cpu->cpu_index);
@@ -1733,8 +1733,8 @@  static void qemu_dummy_start_vcpu(CPUState *cpu)
 {
     char thread_name[VCPU_THREAD_NAME_SIZE];
 
-    cpu->thread = g_malloc0(sizeof(QemuThread));
-    cpu->halt_cond = g_malloc0(sizeof(QemuCond));
+    cpu->thread = g_new0(QemuThread, 1);
+    cpu->halt_cond = g_new0(QemuCond, 1);
     qemu_cond_init(cpu->halt_cond);
     snprintf(thread_name, VCPU_THREAD_NAME_SIZE, "CPU %d/DUMMY",
              cpu->cpu_index);
diff --git a/dma-helpers.c b/dma-helpers.c
index 2d7e02d35e..e327fc21c4 100644
--- a/dma-helpers.c
+++ b/dma-helpers.c
@@ -40,7 +40,7 @@  int dma_memory_set(AddressSpace *as, dma_addr_t addr, uint8_t c, dma_addr_t len)
 void qemu_sglist_init(QEMUSGList *qsg, DeviceState *dev, int alloc_hint,
                       AddressSpace *as)
 {
-    qsg->sg = g_malloc(alloc_hint * sizeof(ScatterGatherEntry));
+    qsg->sg = g_new(ScatterGatherEntry, alloc_hint);
     qsg->nsg = 0;
     qsg->nalloc = alloc_hint;
     qsg->size = 0;
@@ -53,7 +53,7 @@  void qemu_sglist_add(QEMUSGList *qsg, dma_addr_t base, dma_addr_t len)
 {
     if (qsg->nsg == qsg->nalloc) {
         qsg->nalloc = 2 * qsg->nalloc + 1;
-        qsg->sg = g_realloc(qsg->sg, qsg->nalloc * sizeof(ScatterGatherEntry));
+        qsg->sg = g_renew(ScatterGatherEntry, qsg->sg, qsg->nalloc);
     }
     qsg->sg[qsg->nsg].base = base;
     qsg->sg[qsg->nsg].len = len;
diff --git a/dump.c b/dump.c
index d9090a24cc..eb3fa7a5f4 100644
--- a/dump.c
+++ b/dump.c
@@ -1823,28 +1823,28 @@  DumpGuestMemoryCapability *qmp_query_dump_guest_memory_capability(Error **errp)
 {
     DumpGuestMemoryFormatList *item;
     DumpGuestMemoryCapability *cap =
-                                  g_malloc0(sizeof(DumpGuestMemoryCapability));
+                                  g_new0(DumpGuestMemoryCapability, 1);
 
     /* elf is always available */
-    item = g_malloc0(sizeof(DumpGuestMemoryFormatList));
+    item = g_new0(DumpGuestMemoryFormatList, 1);
     cap->formats = item;
     item->value = DUMP_GUEST_MEMORY_FORMAT_ELF;
 
     /* kdump-zlib is always available */
-    item->next = g_malloc0(sizeof(DumpGuestMemoryFormatList));
+    item->next = g_new0(DumpGuestMemoryFormatList, 1);
     item = item->next;
     item->value = DUMP_GUEST_MEMORY_FORMAT_KDUMP_ZLIB;
 
     /* add new item if kdump-lzo is available */
 #ifdef CONFIG_LZO
-    item->next = g_malloc0(sizeof(DumpGuestMemoryFormatList));
+    item->next = g_new0(DumpGuestMemoryFormatList, 1);
     item = item->next;
     item->value = DUMP_GUEST_MEMORY_FORMAT_KDUMP_LZO;
 #endif
 
     /* add new item if kdump-snappy is available */
 #ifdef CONFIG_SNAPPY
-    item->next = g_malloc0(sizeof(DumpGuestMemoryFormatList));
+    item->next = g_new0(DumpGuestMemoryFormatList, 1);
     item = item->next;
     item->value = DUMP_GUEST_MEMORY_FORMAT_KDUMP_SNAPPY;
 #endif
diff --git a/gdbstub.c b/gdbstub.c
index ec4e4b25be..077087cbed 100644
--- a/gdbstub.c
+++ b/gdbstub.c
@@ -1789,7 +1789,7 @@  static void gdb_accept(void)
     /* set short latency */
     socket_set_nodelay(fd);
 
-    s = g_malloc0(sizeof(GDBState));
+    s = g_new0(GDBState, 1);
     s->c_cpu = first_cpu;
     s->g_cpu = first_cpu;
     s->fd = fd;
@@ -1983,7 +1983,7 @@  int gdbserver_start(const char *device)
 
     s = gdbserver_state;
     if (!s) {
-        s = g_malloc0(sizeof(GDBState));
+        s = g_new0(GDBState, 1);
         gdbserver_state = s;
 
         qemu_add_vm_change_state_handler(gdb_vm_state_change, NULL);
diff --git a/hw/9pfs/9p-handle.c b/hw/9pfs/9p-handle.c
index 9875f1894c..357ced3079 100644
--- a/hw/9pfs/9p-handle.c
+++ b/hw/9pfs/9p-handle.c
@@ -609,7 +609,7 @@  static int handle_init(FsContext *ctx)
     int ret, mnt_id;
     struct statfs stbuf;
     struct file_handle fh;
-    struct handle_data *data = g_malloc(sizeof(struct handle_data));
+    struct handle_data *data = g_new(struct handle_data, 1);
 
     data->mountfd = open(ctx->fs_root, O_DIRECTORY);
     if (data->mountfd < 0) {
diff --git a/hw/9pfs/9p-proxy.c b/hw/9pfs/9p-proxy.c
index 28b20a7c3d..2de303d713 100644
--- a/hw/9pfs/9p-proxy.c
+++ b/hw/9pfs/9p-proxy.c
@@ -1136,7 +1136,7 @@  static int proxy_parse_opts(QemuOpts *opts, struct FsDriverEntry *fs)
 
 static int proxy_init(FsContext *ctx)
 {
-    V9fsProxy *proxy = g_malloc(sizeof(V9fsProxy));
+    V9fsProxy *proxy = g_new(V9fsProxy, 1);
     int sock_id;
 
     if (ctx->export_flags & V9FS_PROXY_SOCK_NAME) {
diff --git a/hw/9pfs/9p-synth.c b/hw/9pfs/9p-synth.c
index df0a8de08a..eab91237f4 100644
--- a/hw/9pfs/9p-synth.c
+++ b/hw/9pfs/9p-synth.c
@@ -43,7 +43,7 @@  static V9fsSynthNode *v9fs_add_dir_node(V9fsSynthNode *parent, int mode,
 
     /* Add directory type and remove write bits */
     mode = ((mode & 0777) | S_IFDIR) & ~(S_IWUSR | S_IWGRP | S_IWOTH);
-    node = g_malloc0(sizeof(V9fsSynthNode));
+    node = g_new0(V9fsSynthNode, 1);
     if (attr) {
         /* We are adding .. or . entries */
         node->attr = attr;
diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
index 96d2683348..0a0cdbb7dd 100644
--- a/hw/9pfs/9p.c
+++ b/hw/9pfs/9p.c
@@ -298,7 +298,7 @@  static V9fsFidState *alloc_fid(V9fsState *s, int32_t fid)
             return NULL;
         }
     }
-    f = g_malloc0(sizeof(V9fsFidState));
+    f = g_new0(V9fsFidState, 1);
     f->fid = fid;
     f->fid_type = P9_FID_NONE;
     f->ref = 1;
@@ -1307,8 +1307,8 @@  static void coroutine_fn v9fs_walk(void *opaque)
     trace_v9fs_walk(pdu->tag, pdu->id, fid, newfid, nwnames);
 
     if (nwnames && nwnames <= P9_MAXWELEM) {
-        wnames = g_malloc0(sizeof(wnames[0]) * nwnames);
-        qids   = g_malloc0(sizeof(qids[0]) * nwnames);
+        wnames = g_new0(typeof(wnames[0]), nwnames);
+        qids   = g_new0(typeof(qids[0]), nwnames);
         for (i = 0; i < nwnames; i++) {
             err = pdu_unmarshal(pdu, offset, "s", &wnames[i]);
             if (err < 0) {
diff --git a/hw/9pfs/xen-9p-backend.c b/hw/9pfs/xen-9p-backend.c
index 922cc967be..5825378ad8 100644
--- a/hw/9pfs/xen-9p-backend.c
+++ b/hw/9pfs/xen-9p-backend.c
@@ -155,7 +155,7 @@  static void xen_9pfs_init_out_iov_from_pdu(V9fsPDU *pdu,
 
     g_free(ring->sg);
 
-    ring->sg = g_malloc0(sizeof(*ring->sg) * 2);
+    ring->sg = g_new0(typeof(*ring->sg), 2);
     xen_9pfs_out_sg(ring, ring->sg, &num, pdu->idx);
     *piov = ring->sg;
     *pniov = num;
@@ -172,7 +172,7 @@  static void xen_9pfs_init_in_iov_from_pdu(V9fsPDU *pdu,
 
     g_free(ring->sg);
 
-    ring->sg = g_malloc0(sizeof(*ring->sg) * 2);
+    ring->sg = g_new0(typeof(*ring->sg), 2);
     xen_9pfs_in_sg(ring, ring->sg, &num, pdu->idx, size);
     *piov = ring->sg;
     *pniov = num;
@@ -316,7 +316,7 @@  static int xen_9pfs_connect(struct XenDevice *xendev)
         return -1;
     }
 
-    xen_9pdev->rings = g_malloc0(xen_9pdev->num_rings * sizeof(Xen9pfsRing));
+    xen_9pdev->rings = g_new0(Xen9pfsRing, xen_9pdev->num_rings);
     for (i = 0; i < xen_9pdev->num_rings; i++) {
         char *str;
         int ring_order;
diff --git a/hw/acpi/memory_hotplug.c b/hw/acpi/memory_hotplug.c
index 210073d283..ae465a2d6d 100644
--- a/hw/acpi/memory_hotplug.c
+++ b/hw/acpi/memory_hotplug.c
@@ -217,7 +217,7 @@  void acpi_memory_hotplug_init(MemoryRegion *as, Object *owner,
 
     assert(!memhp_io_base);
     memhp_io_base = io_base;
-    state->devs = g_malloc0(sizeof(*state->devs) * state->dev_count);
+    state->devs = g_new0(typeof(*state->devs), state->dev_count);
     memory_region_init_io(&state->io, owner, &acpi_memory_hotplug_ops, state,
                           "acpi-mem-hotplug", MEMORY_HOTPLUG_IO_LEN);
     memory_region_add_subregion(as, memhp_io_base, &state->io);
diff --git a/hw/audio/intel-hda.c b/hw/audio/intel-hda.c
index 06acc98f7b..7847ea7e9b 100644
--- a/hw/audio/intel-hda.c
+++ b/hw/audio/intel-hda.c
@@ -469,7 +469,7 @@  static void intel_hda_parse_bdl(IntelHDAState *d, IntelHDAStream *st)
     addr = intel_hda_addr(st->bdlp_lbase, st->bdlp_ubase);
     st->bentries = st->lvi +1;
     g_free(st->bpl);
-    st->bpl = g_malloc(sizeof(bpl) * st->bentries);
+    st->bpl = g_new(bpl, st->bentries);
     for (i = 0; i < st->bentries; i++, addr += 16) {
         pci_dma_read(&d->pci, addr, buf, 16);
         st->bpl[i].addr  = le64_to_cpu(*(uint64_t *)buf);
diff --git a/hw/bt/core.c b/hw/bt/core.c
index 615f0af073..281bb40501 100644
--- a/hw/bt/core.c
+++ b/hw/bt/core.c
@@ -55,7 +55,7 @@  static void bt_dummy_lmp_acl_resp(struct bt_link_s *link,
 /* Slaves that don't hold any additional per link state can use these */
 static void bt_dummy_lmp_connection_request(struct bt_link_s *req)
 {
-    struct bt_link_s *link = g_malloc0(sizeof(struct bt_link_s));
+    struct bt_link_s *link = g_new0(struct bt_link_s, 1);
 
     link->slave = req->slave;
     link->host = req->host;
@@ -135,7 +135,7 @@  struct bt_scatternet_s *qemu_find_bt_vlan(int id)
         if (vlan->id == id)
             return &vlan->net;
     }
-    vlan = g_malloc0(sizeof(struct bt_vlan_s));
+    vlan = g_new0(struct bt_vlan_s, 1);
     vlan->id = id;
     pvlan = &first_bt_vlan;
     while (*pvlan != NULL)
diff --git a/hw/bt/hci.c b/hw/bt/hci.c
index 476ebec0ab..08e65eb62e 100644
--- a/hw/bt/hci.c
+++ b/hw/bt/hci.c
@@ -742,7 +742,7 @@  static void bt_hci_connection_reject_event(struct bt_hci_s *hci,
 static void bt_hci_connection_accept(struct bt_hci_s *hci,
                 struct bt_device_s *host)
 {
-    struct bt_hci_link_s *link = g_malloc0(sizeof(struct bt_hci_link_s));
+    struct bt_hci_link_s *link = g_new0(struct bt_hci_link_s, 1);
     evt_conn_complete params;
     uint16_t handle;
     uint8_t status = HCI_SUCCESS;
@@ -2158,7 +2158,7 @@  static void bt_hci_destroy(struct bt_device_s *dev)
 
 struct HCIInfo *bt_new_hci(struct bt_scatternet_s *net)
 {
-    struct bt_hci_s *s = g_malloc0(sizeof(struct bt_hci_s));
+    struct bt_hci_s *s = g_new0(struct bt_hci_s, 1);
 
     s->lm.inquiry_done = timer_new_ns(QEMU_CLOCK_VIRTUAL, bt_hci_inquiry_done, s);
     s->lm.inquiry_next = timer_new_ns(QEMU_CLOCK_VIRTUAL, bt_hci_inquiry_next, s);
diff --git a/hw/bt/l2cap.c b/hw/bt/l2cap.c
index e342045140..b716fb7d98 100644
--- a/hw/bt/l2cap.c
+++ b/hw/bt/l2cap.c
@@ -1241,7 +1241,7 @@  static void l2cap_lmp_connection_request(struct bt_link_s *link)
 
     /* Always accept - we only get called if (dev->device->page_scan).  */
 
-    l2cap = g_malloc0(sizeof(struct slave_l2cap_instance_s));
+    l2cap = g_new0(struct slave_l2cap_instance_s, 1);
     l2cap->link.slave = &dev->device;
     l2cap->link.host = link->host;
     l2cap_init(&l2cap->l2cap, &l2cap->link, 0);
@@ -1262,7 +1262,7 @@  static void l2cap_lmp_connection_complete(struct bt_link_s *link)
         return;
     }
 
-    l2cap = g_malloc0(sizeof(struct l2cap_instance_s));
+    l2cap = g_new0(struct l2cap_instance_s, 1);
     l2cap_init(l2cap, link, 1);
 
     link->acl_mode = acl_active;
diff --git a/hw/bt/sdp.c b/hw/bt/sdp.c
index f67b3b89c0..446e71df6f 100644
--- a/hw/bt/sdp.c
+++ b/hw/bt/sdp.c
@@ -722,9 +722,9 @@  static void sdp_service_record_build(struct sdp_service_record_s *record,
     }
     record->uuids = pow2ceil(record->uuids);
     record->attribute_list =
-            g_malloc0(record->attributes * sizeof(*record->attribute_list));
+            g_new0(typeof(*record->attribute_list), record->attributes);
     record->uuid =
-            g_malloc0(record->uuids * sizeof(*record->uuid));
+            g_new0(typeof(*record->uuid), record->uuids);
     data = g_malloc(len);
 
     record->attributes = 0;
@@ -766,7 +766,7 @@  static void sdp_service_db_build(struct bt_l2cap_sdp_state_s *sdp,
     while (service[sdp->services])
         sdp->services ++;
     sdp->service_list =
-            g_malloc0(sdp->services * sizeof(*sdp->service_list));
+            g_new0(typeof(*sdp->service_list), sdp->services);
 
     sdp->services = 0;
     while (*service) {
diff --git a/hw/char/parallel.c b/hw/char/parallel.c
index 75a1a2f55e..67681b4c8c 100644
--- a/hw/char/parallel.c
+++ b/hw/char/parallel.c
@@ -608,7 +608,7 @@  bool parallel_mm_init(MemoryRegion *address_space,
 {
     ParallelState *s;
 
-    s = g_malloc0(sizeof(ParallelState));
+    s = g_new0(ParallelState, 1);
     s->irq = irq;
     qemu_chr_fe_init(&s->chr, chr, &error_abort);
     s->it_shift = it_shift;
diff --git a/hw/char/serial.c b/hw/char/serial.c
index e1f12507bf..1da46d0803 100644
--- a/hw/char/serial.c
+++ b/hw/char/serial.c
@@ -941,7 +941,7 @@  SerialState *serial_init(int base, qemu_irq irq, int baudbase,
 {
     SerialState *s;
 
-    s = g_malloc0(sizeof(SerialState));
+    s = g_new0(SerialState, 1);
 
     s->irq = irq;
     s->baudbase = baudbase;
@@ -997,7 +997,7 @@  SerialState *serial_mm_init(MemoryRegion *address_space,
 {
     SerialState *s;
 
-    s = g_malloc0(sizeof(SerialState));
+    s = g_new0(SerialState, 1);
 
     s->it_shift = it_shift;
     s->irq = irq;
diff --git a/hw/char/sh_serial.c b/hw/char/sh_serial.c
index ca9816d045..de68d7120c 100644
--- a/hw/char/sh_serial.c
+++ b/hw/char/sh_serial.c
@@ -365,7 +365,7 @@  void sh_serial_init(MemoryRegion *sysmem,
 {
     sh_serial_state *s;
 
-    s = g_malloc0(sizeof(sh_serial_state));
+    s = g_new0(sh_serial_state, 1);
 
     s->feat = feat;
     s->flags = SH_SERIAL_FLAG_TEND | SH_SERIAL_FLAG_TDE;
diff --git a/hw/char/virtio-serial-bus.c b/hw/char/virtio-serial-bus.c
index 823e1c915c..53ede44ecf 100644
--- a/hw/char/virtio-serial-bus.c
+++ b/hw/char/virtio-serial-bus.c
@@ -742,7 +742,7 @@  static int fetch_active_ports_list(QEMUFile *f,
     s->post_load = g_malloc0(sizeof(*s->post_load));
     s->post_load->nr_active_ports = nr_active_ports;
     s->post_load->connected =
-        g_malloc0(sizeof(*s->post_load->connected) * nr_active_ports);
+        g_new0(typeof(*s->post_load->connected), nr_active_ports);
 
     s->post_load->timer = timer_new_ns(QEMU_CLOCK_VIRTUAL,
                                             virtio_serial_post_load_timer_cb,
@@ -1047,10 +1047,8 @@  static void virtio_serial_device_realize(DeviceState *dev, Error **errp)
     QTAILQ_INIT(&vser->ports);
 
     vser->bus.max_nr_ports = vser->serial.max_virtserial_ports;
-    vser->ivqs = g_malloc(vser->serial.max_virtserial_ports
-                          * sizeof(VirtQueue *));
-    vser->ovqs = g_malloc(vser->serial.max_virtserial_ports
-                          * sizeof(VirtQueue *));
+    vser->ivqs = g_new(VirtQueue *, vser->serial.max_virtserial_ports);
+    vser->ovqs = g_new(VirtQueue *, vser->serial.max_virtserial_ports);
 
     /* Add a queue for host to guest transfers for port 0 (backward compat) */
     vser->ivqs[0] = virtio_add_queue(vdev, 128, handle_input);
@@ -1076,8 +1074,8 @@  static void virtio_serial_device_realize(DeviceState *dev, Error **errp)
     }
 
     vser->ports_map =
-        g_malloc0(DIV_ROUND_UP(vser->serial.max_virtserial_ports, 32)
-                  * sizeof(vser->ports_map[0]));
+        g_new0(typeof(vser->ports_map[0]),
+               DIV_ROUND_UP(vser->serial.max_virtserial_ports, 32));
     /*
      * Reserve location 0 for a console port for backward compat
      * (old kernel, new qemu)
diff --git a/hw/core/irq.c b/hw/core/irq.c
index b98d1d69f5..d9b13b1762 100644
--- a/hw/core/irq.c
+++ b/hw/core/irq.c
@@ -115,7 +115,7 @@  static void qemu_splitirq(void *opaque, int line, int level)
 
 qemu_irq qemu_irq_split(qemu_irq irq1, qemu_irq irq2)
 {
-    qemu_irq *s = g_malloc0(2 * sizeof(qemu_irq));
+    qemu_irq *s = g_new0(qemu_irq, 2);
     s[0] = irq1;
     s[1] = irq2;
     return qemu_allocate_irq(qemu_splitirq, s, 0);
diff --git a/hw/core/ptimer.c b/hw/core/ptimer.c
index 7221c68a98..554aa33d05 100644
--- a/hw/core/ptimer.c
+++ b/hw/core/ptimer.c
@@ -349,7 +349,7 @@  ptimer_state *ptimer_init(QEMUBH *bh, uint8_t policy_mask)
 {
     ptimer_state *s;
 
-    s = (ptimer_state *)g_malloc0(sizeof(ptimer_state));
+    s = (ptimer_state *) g_new0(ptimer_state, 1);
     s->bh = bh;
     s->timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, ptimer_tick, s);
     s->policy_mask = policy_mask;
diff --git a/hw/core/reset.c b/hw/core/reset.c
index 84c8869371..01d86c3a95 100644
--- a/hw/core/reset.c
+++ b/hw/core/reset.c
@@ -40,7 +40,7 @@  static QTAILQ_HEAD(reset_handlers, QEMUResetEntry) reset_handlers =
 
 void qemu_register_reset(QEMUResetHandler *func, void *opaque)
 {
-    QEMUResetEntry *re = g_malloc0(sizeof(QEMUResetEntry));
+    QEMUResetEntry *re = g_new0(QEMUResetEntry, 1);
 
     re->func = func;
     re->opaque = opaque;
diff --git a/hw/cris/axis_dev88.c b/hw/cris/axis_dev88.c
index 60df8877c1..39924dd7c8 100644
--- a/hw/cris/axis_dev88.c
+++ b/hw/cris/axis_dev88.c
@@ -323,7 +323,7 @@  void axisdev88_init(MachineState *machine)
     }
 
     /* Add the two ethernet blocks.  */
-    dma_eth = g_malloc0(sizeof dma_eth[0] * 4); /* Allocate 4 channels.  */
+    dma_eth = g_new0(typeof(dma_eth[0]), 4); /* Allocate 4 channels.  */
     etraxfs_eth_init(&nd_table[0], 0x30034000, 1, &dma_eth[0], &dma_eth[1]);
     if (nb_nics > 1) {
         etraxfs_eth_init(&nd_table[1], 0x30036000, 2, &dma_eth[2], &dma_eth[3]);
diff --git a/hw/display/pxa2xx_lcd.c b/hw/display/pxa2xx_lcd.c
index 845521c5b2..0ca997cae2 100644
--- a/hw/display/pxa2xx_lcd.c
+++ b/hw/display/pxa2xx_lcd.c
@@ -1006,7 +1006,7 @@  PXA2xxLCDState *pxa2xx_lcdc_init(MemoryRegion *sysmem,
     PXA2xxLCDState *s;
     DisplaySurface *surface;
 
-    s = (PXA2xxLCDState *) g_malloc0(sizeof(PXA2xxLCDState));
+    s = g_new0(PXA2xxLCDState, 1);
     s->invalidated = 1;
     s->irq = irq;
     s->sysmem = sysmem;
diff --git a/hw/display/tc6393xb.c b/hw/display/tc6393xb.c
index 92f7120acc..2f71da1ee9 100644
--- a/hw/display/tc6393xb.c
+++ b/hw/display/tc6393xb.c
@@ -570,7 +570,7 @@  TC6393xbState *tc6393xb_init(MemoryRegion *sysmem, uint32_t base, qemu_irq irq)
         },
     };
 
-    s = (TC6393xbState *) g_malloc0(sizeof(TC6393xbState));
+    s = g_new0(TC6393xbState, 1);
     s->irq = irq;
     s->gpio_in = qemu_allocate_irqs(tc6393xb_gpio_set, s, TC6393XB_GPIOS);
 
diff --git a/hw/display/virtio-gpu.c b/hw/display/virtio-gpu.c
index 641f57e7c5..201b69002a 100644
--- a/hw/display/virtio-gpu.c
+++ b/hw/display/virtio-gpu.c
@@ -628,9 +628,9 @@  int virtio_gpu_create_mapping_iov(struct virtio_gpu_resource_attach_backing *ab,
         return -1;
     }
 
-    *iov = g_malloc0(sizeof(struct iovec) * ab->nr_entries);
+    *iov = g_new0(struct iovec, ab->nr_entries);
     if (addr) {
-        *addr = g_malloc0(sizeof(uint64_t) * ab->nr_entries);
+        *addr = g_new0(uint64_t, ab->nr_entries);
     }
     for (i = 0; i < ab->nr_entries; i++) {
         hwaddr len = ents[i].length;
diff --git a/hw/display/xenfb.c b/hw/display/xenfb.c
index e76c0d805c..aa9821b6e6 100644
--- a/hw/display/xenfb.c
+++ b/hw/display/xenfb.c
@@ -475,8 +475,8 @@  static int xenfb_map_fb(struct XenFB *xenfb)
     n_fbdirs = xenfb->fbpages * mode / 8;
     n_fbdirs = DIV_ROUND_UP(n_fbdirs, XC_PAGE_SIZE);
 
-    pgmfns = g_malloc0(sizeof(xen_pfn_t) * n_fbdirs);
-    fbmfns = g_malloc0(sizeof(xen_pfn_t) * xenfb->fbpages);
+    pgmfns = g_new0(xen_pfn_t, n_fbdirs);
+    fbmfns = g_new0(xen_pfn_t, xenfb->fbpages);
 
     xenfb_copy_mfns(mode, n_fbdirs, pgmfns, pd);
     map = xenforeignmemory_map(xen_fmem, xenfb->c.xendev.dom,
diff --git a/hw/dma/etraxfs_dma.c b/hw/dma/etraxfs_dma.c
index d5650eb885..014efe9c1b 100644
--- a/hw/dma/etraxfs_dma.c
+++ b/hw/dma/etraxfs_dma.c
@@ -773,7 +773,7 @@  void *etraxfs_dmac_init(hwaddr base, int nr_channels)
         ctrl->bh = qemu_bh_new(DMA_run, ctrl);
 
 	ctrl->nr_channels = nr_channels;
-	ctrl->channels = g_malloc0(sizeof ctrl->channels[0] * nr_channels);
+	ctrl->channels = g_new0(typeof(ctrl->channels[0]), nr_channels);
 
 	memory_region_init_io(&ctrl->mmio, NULL, &dma_ops, ctrl, "etraxfs-dma",
 			      nr_channels * 0x2000);
diff --git a/hw/dma/rc4030.c b/hw/dma/rc4030.c
index edf9432051..89248e7418 100644
--- a/hw/dma/rc4030.c
+++ b/hw/dma/rc4030.c
@@ -638,8 +638,8 @@  static rc4030_dma *rc4030_allocate_dmas(void *opaque, int n)
     struct rc4030DMAState *p;
     int i;
 
-    s = (rc4030_dma *)g_malloc0(sizeof(rc4030_dma) * n);
-    p = (struct rc4030DMAState *)g_malloc0(sizeof(struct rc4030DMAState) * n);
+    s = g_new0(rc4030_dma, n);
+    p = g_new0(struct rc4030DMAState, n);
     for (i = 0; i < n; i++) {
         p->opaque = opaque;
         p->n = i;
diff --git a/hw/dma/soc_dma.c b/hw/dma/soc_dma.c
index 9bb499bf9c..f1b520ffb9 100644
--- a/hw/dma/soc_dma.c
+++ b/hw/dma/soc_dma.c
@@ -262,8 +262,7 @@  void soc_dma_port_add_fifo(struct soc_dma_s *soc, hwaddr virt_base,
     struct memmap_entry_s *entry;
     struct dma_s *dma = (struct dma_s *) soc;
 
-    dma->memmap = g_realloc(dma->memmap, sizeof(*entry) *
-                    (dma->memmap_size + 1));
+    dma->memmap = g_renew(typeof(*entry), dma->memmap, dma->memmap_size + 1);
     entry = soc_dma_lookup(dma, virt_base);
 
     if (dma->memmap_size) {
@@ -312,8 +311,7 @@  void soc_dma_port_add_mem(struct soc_dma_s *soc, uint8_t *phys_base,
     struct memmap_entry_s *entry;
     struct dma_s *dma = (struct dma_s *) soc;
 
-    dma->memmap = g_realloc(dma->memmap, sizeof(*entry) *
-                    (dma->memmap_size + 1));
+    dma->memmap = g_renew(typeof(*entry), dma->memmap, dma->memmap_size + 1);
     entry = soc_dma_lookup(dma, virt_base);
 
     if (dma->memmap_size) {
diff --git a/hw/i2c/bitbang_i2c.c b/hw/i2c/bitbang_i2c.c
index 8be88ee265..20a9deef1a 100644
--- a/hw/i2c/bitbang_i2c.c
+++ b/hw/i2c/bitbang_i2c.c
@@ -186,7 +186,7 @@  bitbang_i2c_interface *bitbang_i2c_init(I2CBus *bus)
 {
     bitbang_i2c_interface *s;
 
-    s = g_malloc0(sizeof(bitbang_i2c_interface));
+    s = g_new0(bitbang_i2c_interface, 1);
 
     s->bus = bus;
     s->last_data = 1;
diff --git a/hw/i2c/core.c b/hw/i2c/core.c
index 2c1234cdff..1c7959254f 100644
--- a/hw/i2c/core.c
+++ b/hw/i2c/core.c
@@ -130,7 +130,7 @@  int i2c_start_transfer(I2CBus *bus, uint8_t address, int recv)
             DeviceState *qdev = kid->child;
             I2CSlave *candidate = I2C_SLAVE(qdev);
             if ((candidate->address == address) || (bus->broadcast)) {
-                node = g_malloc(sizeof(struct I2CNode));
+                node = g_new(struct I2CNode, 1);
                 node->elt = candidate;
                 QLIST_INSERT_HEAD(&bus->current_devs, node, next);
                 if (!bus->broadcast) {
@@ -256,7 +256,7 @@  static int i2c_slave_post_load(void *opaque, int version_id)
     bus = I2C_BUS(qdev_get_parent_bus(DEVICE(dev)));
     if ((bus->saved_address == dev->address) ||
         (bus->saved_address == I2C_BROADCAST)) {
-        node = g_malloc(sizeof(struct I2CNode));
+        node = g_new(struct I2CNode, 1);
         node->elt = dev;
         QLIST_INSERT_HEAD(&bus->current_devs, node, next);
     }
diff --git a/hw/i386/amd_iommu.c b/hw/i386/amd_iommu.c
index 7b6d4ea3f3..78fafc8eeb 100644
--- a/hw/i386/amd_iommu.c
+++ b/hw/i386/amd_iommu.c
@@ -1033,13 +1033,13 @@  static AddressSpace *amdvi_host_dma_iommu(PCIBus *bus, void *opaque, int devfn)
 
     /* allocate memory during the first run */
     if (!iommu_as) {
-        iommu_as = g_malloc0(sizeof(AMDVIAddressSpace *) * PCI_DEVFN_MAX);
+        iommu_as = g_new0(AMDVIAddressSpace *, PCI_DEVFN_MAX);
         s->address_spaces[bus_num] = iommu_as;
     }
 
     /* set up AMD-Vi region */
     if (!iommu_as[devfn]) {
-        iommu_as[devfn] = g_malloc0(sizeof(AMDVIAddressSpace));
+        iommu_as[devfn] = g_new0(AMDVIAddressSpace, 1);
         iommu_as[devfn]->bus_num = (uint8_t)bus_num;
         iommu_as[devfn]->devfn = (uint8_t)devfn;
         iommu_as[devfn]->iommu_state = s;
diff --git a/hw/i386/intel_iommu.c b/hw/i386/intel_iommu.c
index 15610b9de8..e7e9eed416 100644
--- a/hw/i386/intel_iommu.c
+++ b/hw/i386/intel_iommu.c
@@ -2790,7 +2790,7 @@  VTDAddressSpace *vtd_find_add_as(IntelIOMMUState *s, PCIBus *bus, int devfn)
 
     if (!vtd_dev_as) {
         snprintf(name, sizeof(name), "intel_iommu_devfn_%d", devfn);
-        vtd_bus->dev_as[devfn] = vtd_dev_as = g_malloc0(sizeof(VTDAddressSpace));
+        vtd_bus->dev_as[devfn] = vtd_dev_as = g_new0(VTDAddressSpace, 1);
 
         vtd_dev_as->bus = bus;
         vtd_dev_as->devfn = (uint8_t)devfn;
diff --git a/hw/i386/kvm/pci-assign.c b/hw/i386/kvm/pci-assign.c
index 87dcbdd51a..41df0cc7f6 100644
--- a/hw/i386/kvm/pci-assign.c
+++ b/hw/i386/kvm/pci-assign.c
@@ -1068,7 +1068,7 @@  static int assigned_dev_update_msix_mmio(PCIDevice *pci_dev)
     free_msi_virqs(adev);
 
     adev->msi_virq_nr = adev->msix_max;
-    adev->msi_virq = g_malloc(adev->msix_max * sizeof(*adev->msi_virq));
+    adev->msi_virq = g_new(typeof(*adev->msi_virq), adev->msix_max);
 
     entry = adev->msix_table;
     for (i = 0; i < adev->msix_max; i++, entry++) {
diff --git a/hw/i386/pc.c b/hw/i386/pc.c
index 5b8c6fbbea..e8eed042ae 100644
--- a/hw/i386/pc.c
+++ b/hw/i386/pc.c
@@ -720,7 +720,7 @@  static void pc_build_smbios(PCMachineState *pcms)
     }
 
     /* build the array of physical mem area from e820 table */
-    mem_array = g_malloc0(sizeof(*mem_array) * e820_get_num_entries());
+    mem_array = g_new0(typeof(*mem_array), e820_get_num_entries());
     for (i = 0, array_count = 0; i < e820_get_num_entries(); i++) {
         uint64_t addr, len;
 
@@ -1280,8 +1280,7 @@  void pc_guest_info_init(PCMachineState *pcms)
 
     pcms->apic_xrupt_override = kvm_allows_irq0_override();
     pcms->numa_nodes = nb_numa_nodes;
-    pcms->node_mem = g_malloc0(pcms->numa_nodes *
-                                    sizeof *pcms->node_mem);
+    pcms->node_mem = g_new0(typeof(*pcms->node_mem), pcms->numa_nodes);
     for (i = 0; i < nb_numa_nodes; i++) {
         pcms->node_mem[i] = numa_info[i].node_mem;
     }
diff --git a/hw/i386/xen/xen-hvm.c b/hw/i386/xen/xen-hvm.c
index 1acd4de405..17285a6f84 100644
--- a/hw/i386/xen/xen-hvm.c
+++ b/hw/i386/xen/xen-hvm.c
@@ -260,7 +260,7 @@  void xen_ram_alloc(ram_addr_t ram_addr, ram_addr_t size, MemoryRegion *mr,
     trace_xen_ram_alloc(ram_addr, size);
 
     nr_pfn = size >> TARGET_PAGE_BITS;
-    pfn_list = g_malloc(sizeof (*pfn_list) * nr_pfn);
+    pfn_list = g_new(typeof(*pfn_list), nr_pfn);
 
     for (i = 0; i < nr_pfn; i++) {
         pfn_list[i] = (ram_addr >> TARGET_PAGE_BITS) + i;
@@ -355,7 +355,7 @@  go_physmap:
 
     mr_name = memory_region_name(mr);
 
-    physmap = g_malloc(sizeof (XenPhysmap));
+    physmap = g_new(XenPhysmap, 1);
 
     physmap->start_addr = start_addr;
     physmap->size = size;
@@ -1167,7 +1167,7 @@  static void xen_read_physmap(XenIOState *state)
         return;
 
     for (i = 0; i < num; i++) {
-        physmap = g_malloc(sizeof (XenPhysmap));
+        physmap = g_new(XenPhysmap, 1);
         physmap->phys_offset = strtoull(entries[i], NULL, 16);
         snprintf(path, sizeof(path),
                 "/local/domain/0/device-model/%d/physmap/%s/start_addr",
@@ -1214,7 +1214,7 @@  void xen_hvm_init(PCMachineState *pcms, MemoryRegion **ram_memory)
     evtchn_port_t bufioreq_evtchn;
     XenIOState *state;
 
-    state = g_malloc0(sizeof (XenIOState));
+    state = g_new0(XenIOState, 1);
 
     state->xce_handle = xenevtchn_open(NULL, 0);
     if (state->xce_handle == NULL) {
@@ -1295,7 +1295,7 @@  void xen_hvm_init(PCMachineState *pcms, MemoryRegion **ram_memory)
     }
 
     /* Note: cpus is empty at this point in init */
-    state->cpu_by_vcpu_id = g_malloc0(max_cpus * sizeof(CPUState *));
+    state->cpu_by_vcpu_id = g_new0(CPUState *, max_cpus);
 
     rc = xen_set_ioreq_server_state(xen_domid, state->ioservid, true);
     if (rc < 0) {
@@ -1304,7 +1304,7 @@  void xen_hvm_init(PCMachineState *pcms, MemoryRegion **ram_memory)
         goto err;
     }
 
-    state->ioreq_local_port = g_malloc0(max_cpus * sizeof (evtchn_port_t));
+    state->ioreq_local_port = g_new0(evtchn_port_t, max_cpus);
 
     /* FIXME: how about if we overflow the page here? */
     for (i = 0; i < max_cpus; i++) {
diff --git a/hw/i386/xen/xen-mapcache.c b/hw/i386/xen/xen-mapcache.c
index e60156c04f..bbfd60e1ec 100644
--- a/hw/i386/xen/xen-mapcache.c
+++ b/hw/i386/xen/xen-mapcache.c
@@ -106,7 +106,7 @@  void xen_map_cache_init(phys_offset_to_gaddr_t f, void *opaque)
     unsigned long size;
     struct rlimit rlimit_as;
 
-    mapcache = g_malloc0(sizeof (MapCache));
+    mapcache = g_new0(MapCache, 1);
 
     mapcache->phys_offset_to_gaddr = f;
     mapcache->opaque = opaque;
@@ -160,8 +160,8 @@  static void xen_remap_bucket(MapCacheEntry *entry,
 
     trace_xen_remap_bucket(address_index);
 
-    pfns = g_malloc0(nb_pfn * sizeof (xen_pfn_t));
-    err = g_malloc0(nb_pfn * sizeof (int));
+    pfns = g_new0(xen_pfn_t, nb_pfn);
+    err = g_new0(int, nb_pfn);
 
     if (entry->vaddr_base != NULL) {
         ram_block_notify_remove(entry->vaddr_base, entry->size);
@@ -187,8 +187,8 @@  static void xen_remap_bucket(MapCacheEntry *entry,
     entry->vaddr_base = vaddr_base;
     entry->paddr_index = address_index;
     entry->size = size;
-    entry->valid_mapping = (unsigned long *) g_malloc0(sizeof(unsigned long) *
-            BITS_TO_LONGS(size >> XC_PAGE_SHIFT));
+    entry->valid_mapping = g_new0(unsigned long,
+                                  BITS_TO_LONGS(size >> XC_PAGE_SHIFT));
 
     ram_block_notify_add(entry->vaddr_base, entry->size);
     bitmap_zero(entry->valid_mapping, nb_pfn);
@@ -260,7 +260,7 @@  tryagain:
         entry = entry->next;
     }
     if (!entry) {
-        entry = g_malloc0(sizeof (MapCacheEntry));
+        entry = g_new0(MapCacheEntry, 1);
         pentry->next = entry;
         xen_remap_bucket(entry, cache_size, address_index);
     } else if (!entry->lock) {
@@ -288,7 +288,7 @@  tryagain:
 
     mapcache->last_entry = entry;
     if (lock) {
-        MapCacheRev *reventry = g_malloc0(sizeof(MapCacheRev));
+        MapCacheRev *reventry = g_new0(MapCacheRev, 1);
         entry->lock++;
         reventry->dma = dma;
         reventry->vaddr_req = mapcache->last_entry->vaddr_base + address_offset;
diff --git a/hw/input/pckbd.c b/hw/input/pckbd.c
index c479f827b6..ef9e055b1d 100644
--- a/hw/input/pckbd.c
+++ b/hw/input/pckbd.c
@@ -465,7 +465,7 @@  void i8042_mm_init(qemu_irq kbd_irq, qemu_irq mouse_irq,
                    MemoryRegion *region, ram_addr_t size,
                    hwaddr mask)
 {
-    KBDState *s = g_malloc0(sizeof(KBDState));
+    KBDState *s = g_new0(KBDState, 1);
 
     s->irq_kbd = kbd_irq;
     s->irq_mouse = mouse_irq;
diff --git a/hw/input/ps2.c b/hw/input/ps2.c
index 1d3a440bbd..8976b55a64 100644
--- a/hw/input/ps2.c
+++ b/hw/input/ps2.c
@@ -1294,7 +1294,7 @@  static QemuInputHandler ps2_keyboard_handler = {
 
 void *ps2_kbd_init(void (*update_irq)(void *, int), void *update_arg)
 {
-    PS2KbdState *s = (PS2KbdState *)g_malloc0(sizeof(PS2KbdState));
+    PS2KbdState *s = g_new0(PS2KbdState, 1);
 
     trace_ps2_kbd_init(s);
     s->common.update_irq = update_irq;
@@ -1316,7 +1316,7 @@  static QemuInputHandler ps2_mouse_handler = {
 
 void *ps2_mouse_init(void (*update_irq)(void *, int), void *update_arg)
 {
-    PS2MouseState *s = (PS2MouseState *)g_malloc0(sizeof(PS2MouseState));
+    PS2MouseState *s = g_new0(PS2MouseState, 1);
 
     trace_ps2_mouse_init(s);
     s->common.update_irq = update_irq;
diff --git a/hw/input/pxa2xx_keypad.c b/hw/input/pxa2xx_keypad.c
index 2b70bbb95c..016b095e94 100644
--- a/hw/input/pxa2xx_keypad.c
+++ b/hw/input/pxa2xx_keypad.c
@@ -310,7 +310,7 @@  PXA2xxKeyPadState *pxa27x_keypad_init(MemoryRegion *sysmem,
 {
     PXA2xxKeyPadState *s;
 
-    s = (PXA2xxKeyPadState *) g_malloc0(sizeof(PXA2xxKeyPadState));
+    s = g_new0(PXA2xxKeyPadState, 1);
     s->irq = irq;
 
     memory_region_init_io(&s->iomem, NULL, &pxa2xx_keypad_ops, s,
diff --git a/hw/input/tsc2005.c b/hw/input/tsc2005.c
index eb5320af40..34dd4ea0da 100644
--- a/hw/input/tsc2005.c
+++ b/hw/input/tsc2005.c
@@ -485,8 +485,7 @@  void *tsc2005_init(qemu_irq pintdav)
 {
     TSC2005State *s;
 
-    s = (TSC2005State *)
-            g_malloc0(sizeof(TSC2005State));
+    s = g_new0(TSC2005State, 1);
     s->x = 400;
     s->y = 240;
     s->pressure = false;
diff --git a/hw/input/virtio-input.c b/hw/input/virtio-input.c
index 0e42f0d02c..f485658cb1 100644
--- a/hw/input/virtio-input.c
+++ b/hw/input/virtio-input.c
@@ -31,8 +31,8 @@  void virtio_input_send(VirtIOInput *vinput, virtio_input_event *event)
     /* queue up events ... */
     if (vinput->qindex == vinput->qsize) {
         vinput->qsize++;
-        vinput->queue = g_realloc(vinput->queue, vinput->qsize *
-                                  sizeof(vinput->queue[0]));
+        vinput->queue = g_renew(typeof(vinput->queue[0]), vinput->queue,
+                                vinput->qsize);
     }
     vinput->queue[vinput->qindex++].event = *event;
 
diff --git a/hw/intc/exynos4210_gic.c b/hw/intc/exynos4210_gic.c
index 2a55817b76..5bf2301bee 100644
--- a/hw/intc/exynos4210_gic.c
+++ b/hw/intc/exynos4210_gic.c
@@ -444,7 +444,7 @@  static void exynos4210_irq_gate_realize(DeviceState *dev, Error **errp)
      * them */
     qdev_init_gpio_in(dev, exynos4210_irq_gate_handler, s->n_in);
 
-    s->level = g_malloc0(s->n_in * sizeof(*s->level));
+    s->level = g_new0(typeof(*s->level), s->n_in);
 }
 
 static void exynos4210_irq_gate_class_init(ObjectClass *klass, void *data)
diff --git a/hw/intc/heathrow_pic.c b/hw/intc/heathrow_pic.c
index 171f5ed814..90c1e6a4b1 100644
--- a/hw/intc/heathrow_pic.c
+++ b/hw/intc/heathrow_pic.c
@@ -201,7 +201,7 @@  qemu_irq *heathrow_pic_init(MemoryRegion **pmem,
 {
     HeathrowPICS *s;
 
-    s = g_malloc0(sizeof(HeathrowPICS));
+    s = g_new0(HeathrowPICS, 1);
     /* only 1 CPU */
     s->irqs = irqs[0];
     memory_region_init_io(&s->mem, NULL, &heathrow_pic_ops, s,
diff --git a/hw/intc/xics.c b/hw/intc/xics.c
index ea3516794a..2db63b6192 100644
--- a/hw/intc/xics.c
+++ b/hw/intc/xics.c
@@ -609,7 +609,7 @@  static void ics_simple_realize(DeviceState *dev, Error **errp)
         error_setg(errp, "Number of interrupts needs to be greater 0");
         return;
     }
-    ics->irqs = g_malloc0(ics->nr_irqs * sizeof(ICSIRQState));
+    ics->irqs = g_new0(ICSIRQState, ics->nr_irqs);
     ics->qirqs = qemu_allocate_irqs(ics_simple_set_irq, ics, ics->nr_irqs);
 
     qemu_register_reset(ics_simple_reset, dev);
diff --git a/hw/intc/xics_kvm.c b/hw/intc/xics_kvm.c
index 14b8f6f6e4..fe0dd5eb73 100644
--- a/hw/intc/xics_kvm.c
+++ b/hw/intc/xics_kvm.c
@@ -359,7 +359,7 @@  static void ics_kvm_realize(DeviceState *dev, Error **errp)
         error_setg(errp, "Number of interrupts needs to be greater 0");
         return;
     }
-    ics->irqs = g_malloc0(ics->nr_irqs * sizeof(ICSIRQState));
+    ics->irqs = g_new0(ICSIRQState, ics->nr_irqs);
     ics->qirqs = qemu_allocate_irqs(ics_kvm_set_irq, ics, ics->nr_irqs);
 
     qemu_register_reset(ics_kvm_reset, dev);
diff --git a/hw/lm32/lm32_boards.c b/hw/lm32/lm32_boards.c
index 8f0c3079d6..276d6a62ac 100644
--- a/hw/lm32/lm32_boards.c
+++ b/hw/lm32/lm32_boards.c
@@ -99,7 +99,7 @@  static void lm32_evr_init(MachineState *machine)
     int timer0_irq                 = 1;
     int timer1_irq                 = 3;
 
-    reset_info = g_malloc0(sizeof(ResetInfo));
+    reset_info = g_new0(ResetInfo, 1);
 
     if (cpu_model == NULL) {
         cpu_model = "lm32-full";
@@ -200,7 +200,7 @@  static void lm32_uclinux_init(MachineState *machine)
     hwaddr initrd_base  = 0x08400000;
     size_t initrd_max               = 0x01000000;
 
-    reset_info = g_malloc0(sizeof(ResetInfo));
+    reset_info = g_new0(ResetInfo, 1);
 
     if (cpu_model == NULL) {
         cpu_model = "lm32-full";
diff --git a/hw/lm32/milkymist.c b/hw/lm32/milkymist.c
index 5cae0f19dd..339a80f40b 100644
--- a/hw/lm32/milkymist.c
+++ b/hw/lm32/milkymist.c
@@ -106,7 +106,7 @@  milkymist_init(MachineState *machine)
     hwaddr cmdline_base = sdram_base + 0x1000000;
     size_t initrd_max = sdram_size - 0x1002000;
 
-    reset_info = g_malloc0(sizeof(ResetInfo));
+    reset_info = g_new0(ResetInfo, 1);
 
     if (cpu_model == NULL) {
         cpu_model = "lm32-full";
diff --git a/hw/m68k/mcf5206.c b/hw/m68k/mcf5206.c
index b81901fdfd..df45e99547 100644
--- a/hw/m68k/mcf5206.c
+++ b/hw/m68k/mcf5206.c
@@ -137,7 +137,7 @@  static m5206_timer_state *m5206_timer_init(qemu_irq irq)
     m5206_timer_state *s;
     QEMUBH *bh;
 
-    s = (m5206_timer_state *)g_malloc0(sizeof(m5206_timer_state));
+    s = g_new0(m5206_timer_state, 1);
     bh = qemu_bh_new(m5206_timer_trigger, s);
     s->timer = ptimer_init(bh, PTIMER_POLICY_DEFAULT);
     s->irq = irq;
@@ -533,7 +533,7 @@  qemu_irq *mcf5206_init(MemoryRegion *sysmem, uint32_t base, M68kCPU *cpu)
     m5206_mbar_state *s;
     qemu_irq *pic;
 
-    s = (m5206_mbar_state *)g_malloc0(sizeof(m5206_mbar_state));
+    s = g_new0(m5206_mbar_state, 1);
 
     memory_region_init_io(&s->iomem, NULL, &m5206_mbar_ops, s,
                           "mbar", 0x00001000);
diff --git a/hw/m68k/mcf5208.c b/hw/m68k/mcf5208.c
index 656351834e..5540719309 100644
--- a/hw/m68k/mcf5208.c
+++ b/hw/m68k/mcf5208.c
@@ -183,7 +183,7 @@  static void mcf5208_sys_init(MemoryRegion *address_space, qemu_irq *pic)
     memory_region_add_subregion(address_space, 0xfc0a8000, iomem);
     /* Timers.  */
     for (i = 0; i < 2; i++) {
-        s = (m5208_timer_state *)g_malloc0(sizeof(m5208_timer_state));
+        s = g_new0(m5208_timer_state, 1);
         bh = qemu_bh_new(m5208_timer_trigger, s);
         s->timer = ptimer_init(bh, PTIMER_POLICY_DEFAULT);
         memory_region_init_io(&s->iomem, NULL, &m5208_timer_ops, s,
diff --git a/hw/mips/mips_malta.c b/hw/mips/mips_malta.c
index 95cdabb2dd..0adbfae39a 100644
--- a/hw/mips/mips_malta.c
+++ b/hw/mips/mips_malta.c
@@ -555,7 +555,7 @@  static MaltaFPGAState *malta_fpga_init(MemoryRegion *address_space,
     MaltaFPGAState *s;
     Chardev *chr;
 
-    s = (MaltaFPGAState *)g_malloc0(sizeof(MaltaFPGAState));
+    s = g_new0(MaltaFPGAState, 1);
 
     memory_region_init_io(&s->iomem, NULL, &malta_fpga_ops, s,
                           "malta-fpga", 0x100000);
diff --git a/hw/mips/mips_mipssim.c b/hw/mips/mips_mipssim.c
index 1b91195006..ff624d71ef 100644
--- a/hw/mips/mips_mipssim.c
+++ b/hw/mips/mips_mipssim.c
@@ -169,7 +169,7 @@  mips_mipssim_init(MachineState *machine)
     }
     env = &cpu->env;
 
-    reset_info = g_malloc0(sizeof(ResetData));
+    reset_info = g_new0(ResetData, 1);
     reset_info->cpu = cpu;
     reset_info->vector = env->active_tc.PC;
     qemu_register_reset(main_cpu_reset, reset_info);
diff --git a/hw/mips/mips_r4k.c b/hw/mips/mips_r4k.c
index f4de9fc343..6780e60094 100644
--- a/hw/mips/mips_r4k.c
+++ b/hw/mips/mips_r4k.c
@@ -198,7 +198,7 @@  void mips_r4k_init(MachineState *machine)
     }
     env = &cpu->env;
 
-    reset_info = g_malloc0(sizeof(ResetData));
+    reset_info = g_new0(ResetData, 1);
     reset_info->cpu = cpu;
     reset_info->vector = env->active_tc.PC;
     qemu_register_reset(main_cpu_reset, reset_info);
diff --git a/hw/misc/applesmc.c b/hw/misc/applesmc.c
index 77fab5b9d2..416875dea7 100644
--- a/hw/misc/applesmc.c
+++ b/hw/misc/applesmc.c
@@ -179,7 +179,7 @@  static void applesmc_add_key(AppleSMCState *s, const char *key,
 {
     struct AppleSMCData *def;
 
-    def = g_malloc0(sizeof(struct AppleSMCData));
+    def = g_new0(struct AppleSMCData, 1);
     def->key = key;
     def->len = len;
     def->data = data;
diff --git a/hw/misc/imx6_src.c b/hw/misc/imx6_src.c
index cfb08710fb..9342bce6de 100644
--- a/hw/misc/imx6_src.c
+++ b/hw/misc/imx6_src.c
@@ -149,7 +149,7 @@  static void imx6_defer_clear_reset_bit(int cpuid,
         return;
     }
 
-    ri = g_malloc(sizeof(struct SRCSCRResetInfo));
+    ri = g_new(struct SRCSCRResetInfo, 1);
     ri->s = s;
     ri->reset_bit = reset_shift;
 
diff --git a/hw/misc/ivshmem.c b/hw/misc/ivshmem.c
index 6367d041f0..75832c02a3 100644
--- a/hw/misc/ivshmem.c
+++ b/hw/misc/ivshmem.c
@@ -429,7 +429,7 @@  static void resize_peers(IVShmemState *s, int nb_peers)
     assert(nb_peers > old_nb_peers);
     IVSHMEM_DPRINTF("bumping storage to %d peers\n", nb_peers);
 
-    s->peers = g_realloc(s->peers, nb_peers * sizeof(Peer));
+    s->peers = g_renew(Peer, s->peers, nb_peers);
     s->nb_peers = nb_peers;
 
     for (i = old_nb_peers; i < nb_peers; i++) {
@@ -752,7 +752,7 @@  static void ivshmem_reset(DeviceState *d)
 static int ivshmem_setup_interrupts(IVShmemState *s, Error **errp)
 {
     /* allocate QEMU callback data for receiving interrupts */
-    s->msi_vectors = g_malloc0(s->vectors * sizeof(MSIVector));
+    s->msi_vectors = g_new0(MSIVector, s->vectors);
 
     if (ivshmem_has_feature(s, IVSHMEM_MSI)) {
         if (msix_init_exclusive_bar(PCI_DEVICE(s), s->vectors, 1, errp)) {
diff --git a/hw/misc/macio/mac_dbdma.c b/hw/misc/macio/mac_dbdma.c
index 15452b9a28..1b8c80ba75 100644
--- a/hw/misc/macio/mac_dbdma.c
+++ b/hw/misc/macio/mac_dbdma.c
@@ -803,7 +803,7 @@  void* DBDMA_init (MemoryRegion **dbdma_mem)
     DBDMAState *s;
     int i;
 
-    s = g_malloc0(sizeof(DBDMAState));
+    s = g_new0(DBDMAState, 1);
 
     for (i = 0; i < DBDMA_CHANNELS; i++) {
         DBDMA_io *io = &s->channels[i].io;
diff --git a/hw/misc/pci-testdev.c b/hw/misc/pci-testdev.c
index 7d5990213e..c08049d570 100644
--- a/hw/misc/pci-testdev.c
+++ b/hw/misc/pci-testdev.c
@@ -254,7 +254,7 @@  static void pci_testdev_realize(PCIDevice *pci_dev, Error **errp)
     pci_register_bar(pci_dev, 1, PCI_BASE_ADDRESS_SPACE_IO, &d->portio);
 
     d->current = -1;
-    d->tests = g_malloc0(IOTEST_MAX * sizeof *d->tests);
+    d->tests = g_new0(typeof(*d->tests), IOTEST_MAX);
     for (i = 0; i < IOTEST_MAX; ++i) {
         IOTest *test = &d->tests[i];
         name = g_strdup_printf("%s-%s", IOTEST_TYPE(i), IOTEST_TEST(i));
diff --git a/hw/net/net_rx_pkt.c b/hw/net/net_rx_pkt.c
index cef1c2e0d1..8d9454c719 100644
--- a/hw/net/net_rx_pkt.c
+++ b/hw/net/net_rx_pkt.c
@@ -78,7 +78,7 @@  net_rx_pkt_iovec_realloc(struct NetRxPkt *pkt,
 {
     if (pkt->vec_len_total < new_iov_len) {
         g_free(pkt->vec);
-        pkt->vec = g_malloc(sizeof(*pkt->vec) * new_iov_len);
+        pkt->vec = g_new(typeof(*pkt->vec), new_iov_len);
         pkt->vec_len_total = new_iov_len;
     }
 }
diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c
index 9a3d769aa2..84c13cdc29 100644
--- a/hw/net/virtio-net.c
+++ b/hw/net/virtio-net.c
@@ -1934,7 +1934,7 @@  static void virtio_net_device_realize(DeviceState *dev, Error **errp)
         virtio_cleanup(vdev);
         return;
     }
-    n->vqs = g_malloc0(sizeof(VirtIONetQueue) * n->max_queues);
+    n->vqs = g_new0(VirtIONetQueue, n->max_queues);
     n->curr_queues = 1;
     n->tx_timeout = n->net_conf.txtimer;
 
diff --git a/hw/pci/msix.c b/hw/pci/msix.c
index 4af09afe6b..e94a88594a 100644
--- a/hw/pci/msix.c
+++ b/hw/pci/msix.c
@@ -317,7 +317,7 @@  int msix_init(struct PCIDevice *dev, unsigned short nentries,
 
     dev->msix_table = g_malloc0(table_size);
     dev->msix_pba = g_malloc0(pba_size);
-    dev->msix_entry_used = g_malloc0(nentries * sizeof *dev->msix_entry_used);
+    dev->msix_entry_used = g_new0(typeof(*dev->msix_entry_used), nentries);
 
     msix_mask_all(dev, nentries);
 
diff --git a/hw/pci/pci.c b/hw/pci/pci.c
index 98ccc27533..8b948c2c09 100644
--- a/hw/pci/pci.c
+++ b/hw/pci/pci.c
@@ -419,7 +419,7 @@  void pci_bus_irqs(PCIBus *bus, pci_set_irq_fn set_irq, pci_map_irq_fn map_irq,
     bus->map_irq = map_irq;
     bus->irq_opaque = irq_opaque;
     bus->nirq = nirq;
-    bus->irq_count = g_malloc0(nirq * sizeof(bus->irq_count[0]));
+    bus->irq_count = g_new0(typeof(bus->irq_count[0]), nirq);
 }
 
 PCIBus *pci_register_bus(DeviceState *parent, const char *name,
diff --git a/hw/pci/pcie_aer.c b/hw/pci/pcie_aer.c
index 828052b0c0..59753a7f18 100644
--- a/hw/pci/pcie_aer.c
+++ b/hw/pci/pcie_aer.c
@@ -117,8 +117,8 @@  int pcie_aer_init(PCIDevice *dev, uint8_t cap_ver, uint16_t offset,
                 "is %d", dev->exp.aer_log.log_max, PCIE_AER_LOG_MAX_LIMIT);
         return -EINVAL;
     }
-    dev->exp.aer_log.log = g_malloc0(sizeof dev->exp.aer_log.log[0] *
-                                        dev->exp.aer_log.log_max);
+    dev->exp.aer_log.log = g_new0(typeof(dev->exp.aer_log.log[0]),
+                                  dev->exp.aer_log.log_max);
 
     pci_set_long(dev->w1cmask + offset + PCI_ERR_UNCOR_STATUS,
                  PCI_ERR_UNC_SUPPORTED);
diff --git a/hw/ppc/e500.c b/hw/ppc/e500.c
index 62f1857206..60cf07777a 100644
--- a/hw/ppc/e500.c
+++ b/hw/ppc/e500.c
@@ -812,7 +812,7 @@  void ppce500_init(MachineState *machine, PPCE500Params *params)
         machine->cpu_model = "e500v2_v30";
     }
 
-    irqs = g_malloc0(smp_cpus * sizeof(qemu_irq *));
+    irqs = g_new0(qemu_irq *, smp_cpus);
     irqs[0] = g_malloc0(smp_cpus * sizeof(qemu_irq) * OPENPIC_OUTPUT_NB);
     for (i = 0; i < smp_cpus; i++) {
         PowerPCCPU *cpu;
@@ -851,7 +851,7 @@  void ppce500_init(MachineState *machine, PPCE500Params *params)
         if (!i) {
             /* Primary CPU */
             struct boot_info *boot_info;
-            boot_info = g_malloc0(sizeof(struct boot_info));
+            boot_info = g_new0(struct boot_info, 1);
             qemu_register_reset(ppce500_cpu_reset, cpu);
             env->load_info = boot_info;
         } else {
diff --git a/hw/ppc/mac_newworld.c b/hw/ppc/mac_newworld.c
index bae1c0ac99..9e4c06e2e6 100644
--- a/hw/ppc/mac_newworld.c
+++ b/hw/ppc/mac_newworld.c
@@ -304,7 +304,7 @@  static void ppc_core99_init(MachineState *machine)
     memory_region_init_io(unin2_memory, NULL, &unin_ops, token, "unin", 0x1000);
     memory_region_add_subregion(get_system_memory(), 0xf3000000, unin2_memory);
 
-    openpic_irqs = g_malloc0(smp_cpus * sizeof(qemu_irq *));
+    openpic_irqs = g_new0(qemu_irq *, smp_cpus);
     openpic_irqs[0] =
         g_malloc0(smp_cpus * sizeof(qemu_irq) * OPENPIC_OUTPUT_NB);
     for (i = 0; i < smp_cpus; i++) {
diff --git a/hw/ppc/mac_oldworld.c b/hw/ppc/mac_oldworld.c
index 97bb8541d7..d1cae32293 100644
--- a/hw/ppc/mac_oldworld.c
+++ b/hw/ppc/mac_oldworld.c
@@ -241,7 +241,7 @@  static void ppc_heathrow_init(MachineState *machine)
     memory_region_add_subregion(sysmem, 0xfe000000, isa);
 
     /* XXX: we register only 1 output pin for heathrow PIC */
-    heathrow_irqs = g_malloc0(smp_cpus * sizeof(qemu_irq *));
+    heathrow_irqs = g_new0(qemu_irq *, smp_cpus);
     heathrow_irqs[0] =
         g_malloc0(smp_cpus * sizeof(qemu_irq) * 1);
     /* Connect the heathrow PIC outputs to the 6xx bus */
diff --git a/hw/ppc/ppc.c b/hw/ppc/ppc.c
index 224184d66d..66fa2f5629 100644
--- a/hw/ppc/ppc.c
+++ b/hw/ppc/ppc.c
@@ -963,7 +963,7 @@  clk_setup_cb cpu_ppc_tb_init (CPUPPCState *env, uint32_t freq)
     PowerPCCPU *cpu = ppc_env_get_cpu(env);
     ppc_tb_t *tb_env;
 
-    tb_env = g_malloc0(sizeof(ppc_tb_t));
+    tb_env = g_new0(ppc_tb_t, 1);
     env->tb_env = tb_env;
     tb_env->flags = PPC_DECR_UNDERFLOW_TRIGGERED;
     if (env->insns_flags & PPC_SEGMENT_64B) {
@@ -1222,10 +1222,10 @@  clk_setup_cb ppc_40x_timers_init (CPUPPCState *env, uint32_t freq,
     ppc_tb_t *tb_env;
     ppc40x_timer_t *ppc40x_timer;
 
-    tb_env = g_malloc0(sizeof(ppc_tb_t));
+    tb_env = g_new0(ppc_tb_t, 1);
     env->tb_env = tb_env;
     tb_env->flags = PPC_DECR_UNDERFLOW_TRIGGERED;
-    ppc40x_timer = g_malloc0(sizeof(ppc40x_timer_t));
+    ppc40x_timer = g_new0(ppc40x_timer_t, 1);
     tb_env->tb_freq = freq;
     tb_env->decr_freq = freq;
     tb_env->opaque = ppc40x_timer;
@@ -1330,7 +1330,7 @@  int ppc_dcr_init (CPUPPCState *env, int (*read_error)(int dcrn),
 {
     ppc_dcr_t *dcr_env;
 
-    dcr_env = g_malloc0(sizeof(ppc_dcr_t));
+    dcr_env = g_new0(ppc_dcr_t, 1);
     dcr_env->read_error = read_error;
     dcr_env->write_error = write_error;
     env->dcr_env = dcr_env;
diff --git a/hw/ppc/ppc405_boards.c b/hw/ppc/ppc405_boards.c
index d01798f245..4968c3fb70 100644
--- a/hw/ppc/ppc405_boards.c
+++ b/hw/ppc/ppc405_boards.c
@@ -169,7 +169,7 @@  static void ref405ep_fpga_init(MemoryRegion *sysmem, uint32_t base)
     ref405ep_fpga_t *fpga;
     MemoryRegion *fpga_memory = g_new(MemoryRegion, 1);
 
-    fpga = g_malloc0(sizeof(ref405ep_fpga_t));
+    fpga = g_new0(ref405ep_fpga_t, 1);
     memory_region_init_io(fpga_memory, NULL, &ref405ep_fpga_ops, fpga,
                           "fpga", 0x00000100);
     memory_region_add_subregion(sysmem, base, fpga_memory);
@@ -189,7 +189,7 @@  static void ref405ep_init(MachineState *machine)
     MemoryRegion *bios;
     MemoryRegion *sram = g_new(MemoryRegion, 1);
     ram_addr_t bdloc;
-    MemoryRegion *ram_memories = g_malloc(2 * sizeof(*ram_memories));
+    MemoryRegion *ram_memories = g_new(typeof(*ram_memories), 2);
     hwaddr ram_bases[2], ram_sizes[2];
     target_ulong sram_size;
     long bios_size;
@@ -474,7 +474,7 @@  static void taihu_cpld_init(MemoryRegion *sysmem, uint32_t base)
     taihu_cpld_t *cpld;
     MemoryRegion *cpld_memory = g_new(MemoryRegion, 1);
 
-    cpld = g_malloc0(sizeof(taihu_cpld_t));
+    cpld = g_new0(taihu_cpld_t, 1);
     memory_region_init_io(cpld_memory, NULL, &taihu_cpld_ops, cpld, "cpld", 0x100);
     memory_region_add_subregion(sysmem, base, cpld_memory);
     qemu_register_reset(&taihu_cpld_reset, cpld);
@@ -489,7 +489,7 @@  static void taihu_405ep_init(MachineState *machine)
     qemu_irq *pic;
     MemoryRegion *sysmem = get_system_memory();
     MemoryRegion *bios;
-    MemoryRegion *ram_memories = g_malloc(2 * sizeof(*ram_memories));
+    MemoryRegion *ram_memories = g_new(typeof(*ram_memories), 2);
     MemoryRegion *ram = g_malloc0(sizeof(*ram));
     hwaddr ram_bases[2], ram_sizes[2];
     long bios_size;
diff --git a/hw/ppc/ppc405_uc.c b/hw/ppc/ppc405_uc.c
index fc32e96bf4..eb1908dc0a 100644
--- a/hw/ppc/ppc405_uc.c
+++ b/hw/ppc/ppc405_uc.c
@@ -179,7 +179,7 @@  static void ppc4xx_plb_init(CPUPPCState *env)
 {
     ppc4xx_plb_t *plb;
 
-    plb = g_malloc0(sizeof(ppc4xx_plb_t));
+    plb = g_new0(ppc4xx_plb_t, 1);
     ppc_dcr_register(env, PLB0_ACR, plb, &dcr_read_plb, &dcr_write_plb);
     ppc_dcr_register(env, PLB0_BEAR, plb, &dcr_read_plb, &dcr_write_plb);
     ppc_dcr_register(env, PLB0_BESR, plb, &dcr_read_plb, &dcr_write_plb);
@@ -261,7 +261,7 @@  static void ppc4xx_pob_init(CPUPPCState *env)
 {
     ppc4xx_pob_t *pob;
 
-    pob = g_malloc0(sizeof(ppc4xx_pob_t));
+    pob = g_new0(ppc4xx_pob_t, 1);
     ppc_dcr_register(env, POB0_BEAR, pob, &dcr_read_pob, &dcr_write_pob);
     ppc_dcr_register(env, POB0_BESR0, pob, &dcr_read_pob, &dcr_write_pob);
     ppc_dcr_register(env, POB0_BESR1, pob, &dcr_read_pob, &dcr_write_pob);
@@ -392,7 +392,7 @@  static void ppc4xx_opba_init(hwaddr base)
 {
     ppc4xx_opba_t *opba;
 
-    opba = g_malloc0(sizeof(ppc4xx_opba_t));
+    opba = g_new0(ppc4xx_opba_t, 1);
 #ifdef DEBUG_OPBA
     printf("%s: offset " TARGET_FMT_plx "\n", __func__, base);
 #endif
@@ -590,7 +590,7 @@  static void ppc405_ebc_init(CPUPPCState *env)
 {
     ppc4xx_ebc_t *ebc;
 
-    ebc = g_malloc0(sizeof(ppc4xx_ebc_t));
+    ebc = g_new0(ppc4xx_ebc_t, 1);
     qemu_register_reset(&ebc_reset, ebc);
     ppc_dcr_register(env, EBC0_CFGADDR,
                      ebc, &dcr_read_ebc, &dcr_write_ebc);
@@ -673,7 +673,7 @@  static void ppc405_dma_init(CPUPPCState *env, qemu_irq irqs[4])
 {
     ppc405_dma_t *dma;
 
-    dma = g_malloc0(sizeof(ppc405_dma_t));
+    dma = g_new0(ppc405_dma_t, 1);
     memcpy(dma->irqs, irqs, 4 * sizeof(qemu_irq));
     qemu_register_reset(&ppc405_dma_reset, dma);
     ppc_dcr_register(env, DMA0_CR0,
@@ -814,7 +814,7 @@  static void ppc405_gpio_init(hwaddr base)
 {
     ppc405_gpio_t *gpio;
 
-    gpio = g_malloc0(sizeof(ppc405_gpio_t));
+    gpio = g_new0(ppc405_gpio_t, 1);
 #ifdef DEBUG_GPIO
     printf("%s: offset " TARGET_FMT_plx "\n", __func__, base);
 #endif
@@ -976,7 +976,7 @@  static void ppc405_ocm_init(CPUPPCState *env)
 {
     ppc405_ocm_t *ocm;
 
-    ocm = g_malloc0(sizeof(ppc405_ocm_t));
+    ocm = g_new0(ppc405_ocm_t, 1);
     /* XXX: Size is 4096 or 0x04000000 */
     memory_region_init_ram(&ocm->isarc_ram, NULL, "ppc405.ocm", 4096,
                            &error_fatal);
@@ -1224,7 +1224,7 @@  static void ppc405_i2c_init(hwaddr base, qemu_irq irq)
 {
     ppc4xx_i2c_t *i2c;
 
-    i2c = g_malloc0(sizeof(ppc4xx_i2c_t));
+    i2c = g_new0(ppc4xx_i2c_t, 1);
     i2c->irq = irq;
 #ifdef DEBUG_I2C
     printf("%s: offset " TARGET_FMT_plx "\n", __func__, base);
@@ -1500,7 +1500,7 @@  static void ppc4xx_gpt_init(hwaddr base, qemu_irq irqs[5])
     ppc4xx_gpt_t *gpt;
     int i;
 
-    gpt = g_malloc0(sizeof(ppc4xx_gpt_t));
+    gpt = g_new0(ppc4xx_gpt_t, 1);
     for (i = 0; i < 5; i++) {
         gpt->irqs[i] = irqs[i];
     }
@@ -1731,7 +1731,7 @@  static void ppc405_mal_init(CPUPPCState *env, qemu_irq irqs[4])
     ppc40x_mal_t *mal;
     int i;
 
-    mal = g_malloc0(sizeof(ppc40x_mal_t));
+    mal = g_new0(ppc40x_mal_t, 1);
     for (i = 0; i < 4; i++)
         mal->irqs[i] = irqs[i];
     qemu_register_reset(&ppc40x_mal_reset, mal);
@@ -2088,7 +2088,7 @@  static void ppc405cr_cpc_init (CPUPPCState *env, clk_setup_t clk_setup[7],
 {
     ppc405cr_cpc_t *cpc;
 
-    cpc = g_malloc0(sizeof(ppc405cr_cpc_t));
+    cpc = g_new0(ppc405cr_cpc_t, 1);
     memcpy(cpc->clk_setup, clk_setup,
            PPC405CR_CLK_NB * sizeof(clk_setup_t));
     cpc->sysclk = sysclk;
@@ -2138,7 +2138,7 @@  CPUPPCState *ppc405cr_init(MemoryRegion *address_space_mem,
     /* OBP arbitrer */
     ppc4xx_opba_init(0xef600600);
     /* Universal interrupt controller */
-    irqs = g_malloc0(sizeof(qemu_irq) * PPCUIC_OUTPUT_NB);
+    irqs = g_new0(qemu_irq, PPCUIC_OUTPUT_NB);
     irqs[PPCUIC_OUTPUT_INT] =
         ((qemu_irq *)env->irq_inputs)[PPC40x_INPUT_INT];
     irqs[PPCUIC_OUTPUT_CINT] =
@@ -2432,7 +2432,7 @@  static void ppc405ep_cpc_init (CPUPPCState *env, clk_setup_t clk_setup[8],
 {
     ppc405ep_cpc_t *cpc;
 
-    cpc = g_malloc0(sizeof(ppc405ep_cpc_t));
+    cpc = g_new0(ppc405ep_cpc_t, 1);
     memcpy(cpc->clk_setup, clk_setup,
            PPC405EP_CLK_NB * sizeof(clk_setup_t));
     cpc->jtagid = 0x20267049;
@@ -2495,7 +2495,7 @@  CPUPPCState *ppc405ep_init(MemoryRegion *address_space_mem,
     /* Initialize timers */
     ppc_booke_timers_init(cpu, sysclk, 0);
     /* Universal interrupt controller */
-    irqs = g_malloc0(sizeof(qemu_irq) * PPCUIC_OUTPUT_NB);
+    irqs = g_new0(qemu_irq, PPCUIC_OUTPUT_NB);
     irqs[PPCUIC_OUTPUT_INT] =
         ((qemu_irq *)env->irq_inputs)[PPC40x_INPUT_INT];
     irqs[PPCUIC_OUTPUT_CINT] =
diff --git a/hw/ppc/ppc440_bamboo.c b/hw/ppc/ppc440_bamboo.c
index 9d997bf743..bedf1acfcb 100644
--- a/hw/ppc/ppc440_bamboo.c
+++ b/hw/ppc/ppc440_bamboo.c
@@ -166,7 +166,7 @@  static void bamboo_init(MachineState *machine)
     MemoryRegion *address_space_mem = get_system_memory();
     MemoryRegion *isa = g_new(MemoryRegion, 1);
     MemoryRegion *ram_memories
-        = g_malloc(PPC440EP_SDRAM_NR_BANKS * sizeof(*ram_memories));
+        = g_new(typeof(*ram_memories), PPC440EP_SDRAM_NR_BANKS);
     hwaddr ram_bases[PPC440EP_SDRAM_NR_BANKS];
     hwaddr ram_sizes[PPC440EP_SDRAM_NR_BANKS];
     qemu_irq *pic;
@@ -204,7 +204,7 @@  static void bamboo_init(MachineState *machine)
     ppc_dcr_init(env, NULL, NULL);
 
     /* interrupt controller */
-    irqs = g_malloc0(sizeof(qemu_irq) * PPCUIC_OUTPUT_NB);
+    irqs = g_new0(qemu_irq, PPCUIC_OUTPUT_NB);
     irqs[PPCUIC_OUTPUT_INT] = ((qemu_irq *)env->irq_inputs)[PPC40x_INPUT_INT];
     irqs[PPCUIC_OUTPUT_CINT] = ((qemu_irq *)env->irq_inputs)[PPC40x_INPUT_CINT];
     pic = ppcuic_init(env, irqs, 0x0C0, 0, 1);
diff --git a/hw/ppc/ppc4xx_devs.c b/hw/ppc/ppc4xx_devs.c
index e7f413e49d..639053dd1f 100644
--- a/hw/ppc/ppc4xx_devs.c
+++ b/hw/ppc/ppc4xx_devs.c
@@ -305,7 +305,7 @@  qemu_irq *ppcuic_init (CPUPPCState *env, qemu_irq *irqs,
     ppcuic_t *uic;
     int i;
 
-    uic = g_malloc0(sizeof(ppcuic_t));
+    uic = g_new0(ppcuic_t, 1);
     uic->dcr_base = dcr_base;
     uic->irqs = irqs;
     if (has_vr)
@@ -653,7 +653,7 @@  void ppc4xx_sdram_init (CPUPPCState *env, qemu_irq irq, int nbanks,
 {
     ppc4xx_sdram_t *sdram;
 
-    sdram = g_malloc0(sizeof(ppc4xx_sdram_t));
+    sdram = g_new0(ppc4xx_sdram_t, 1);
     sdram->irq = irq;
     sdram->nbanks = nbanks;
     sdram->ram_memories = ram_memories;
diff --git a/hw/ppc/ppc_booke.c b/hw/ppc/ppc_booke.c
index 23bcf1b138..dafc6aa3fc 100644
--- a/hw/ppc/ppc_booke.c
+++ b/hw/ppc/ppc_booke.c
@@ -339,8 +339,8 @@  void ppc_booke_timers_init(PowerPCCPU *cpu, uint32_t freq, uint32_t flags)
     booke_timer_t *booke_timer;
     int ret = 0;
 
-    tb_env      = g_malloc0(sizeof(ppc_tb_t));
-    booke_timer = g_malloc0(sizeof(booke_timer_t));
+    tb_env      = g_new0(ppc_tb_t, 1);
+    booke_timer = g_new0(booke_timer_t, 1);
 
     cpu->env.tb_env = tb_env;
     tb_env->flags = flags | PPC_TIMER_BOOKE | PPC_DECR_ZERO_TRIGGERED;
diff --git a/hw/ppc/prep.c b/hw/ppc/prep.c
index d16646c95d..4893641e5d 100644
--- a/hw/ppc/prep.c
+++ b/hw/ppc/prep.c
@@ -513,7 +513,7 @@  static void ppc_prep_init(MachineState *machine)
     int ppc_boot_device;
     DriveInfo *hd[MAX_IDE_BUS * MAX_IDE_DEVS];
 
-    sysctrl = g_malloc0(sizeof(sysctrl_t));
+    sysctrl = g_new0(sysctrl_t, 1);
 
     linux_boot = (kernel_filename != NULL);
 
diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index 70eb60efed..72f29cbbbb 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -2680,7 +2680,7 @@  static sPAPRDIMMState *spapr_recover_pending_dimm_state(sPAPRMachineState *ms,
         addr += SPAPR_MEMORY_BLOCK_SIZE;
     }
 
-    ds = g_malloc0(sizeof(sPAPRDIMMState));
+    ds = g_new0(sPAPRDIMMState, 1);
     ds->nr_lmbs = avail_lmbs;
     ds->dimm = dimm;
     spapr_pending_dimm_unplugs_add(ms, ds);
@@ -2748,7 +2748,7 @@  static void spapr_memory_unplug_request(HotplugHandler *hotplug_dev,
         goto out;
     }
 
-    ds = g_malloc0(sizeof(sPAPRDIMMState));
+    ds = g_new0(sPAPRDIMMState, 1);
     ds->nr_lmbs = nr_lmbs;
     ds->dimm = dimm;
     spapr_pending_dimm_unplugs_add(spapr, ds);
diff --git a/hw/ppc/spapr_events.c b/hw/ppc/spapr_events.c
index 57acd85a87..1e1c6d46b2 100644
--- a/hw/ppc/spapr_events.c
+++ b/hw/ppc/spapr_events.c
@@ -494,7 +494,7 @@  static void spapr_hotplug_req_event(uint8_t hp_id, uint8_t hp_action,
     struct rtas_event_log_v6_mainb *mainb;
     struct rtas_event_log_v6_hp *hp;
 
-    new_hp = g_malloc0(sizeof(struct hp_log_full));
+    new_hp = g_new0(struct hp_log_full, 1);
     hdr = &new_hp->hdr;
     v6hdr = &new_hp->v6hdr;
     maina = &new_hp->maina;
diff --git a/hw/ppc/spapr_iommu.c b/hw/ppc/spapr_iommu.c
index 0341bc069d..dd3e9b3a95 100644
--- a/hw/ppc/spapr_iommu.c
+++ b/hw/ppc/spapr_iommu.c
@@ -93,7 +93,7 @@  static uint64_t *spapr_tce_alloc_table(uint32_t liobn,
 
     if (!table) {
         *fd = -1;
-        table = g_malloc0(nb_table * sizeof(uint64_t));
+        table = g_new0(uint64_t, nb_table);
     }
 
     trace_spapr_iommu_new_table(liobn, table, *fd);
diff --git a/hw/ppc/spapr_pci.c b/hw/ppc/spapr_pci.c
index e4daf8d5f1..ae2d0b7c7f 100644
--- a/hw/ppc/spapr_pci.c
+++ b/hw/ppc/spapr_pci.c
@@ -1904,7 +1904,7 @@  static void spapr_pci_pre_save(void *opaque)
     if (!sphb->msi_devs_num) {
         return;
     }
-    sphb->msi_devs = g_malloc(sphb->msi_devs_num * sizeof(spapr_pci_msi_mig));
+    sphb->msi_devs = g_new(spapr_pci_msi_mig, sphb->msi_devs_num);
 
     g_hash_table_iter_init(&iter, sphb->msi);
     for (i = 0; g_hash_table_iter_next(&iter, &key, &value); ++i) {
diff --git a/hw/ppc/spapr_vio.c b/hw/ppc/spapr_vio.c
index a0ee4fd265..a687337629 100644
--- a/hw/ppc/spapr_vio.c
+++ b/hw/ppc/spapr_vio.c
@@ -638,7 +638,7 @@  void spapr_dt_vdevice(VIOsPAPRBus *bus, void *fdt)
     }
 
     /* Copy out into an array of pointers */
-    qdevs = g_malloc(sizeof(qdev) * num);
+    qdevs = g_new(typeof(qdev), num);
     num = 0;
     QTAILQ_FOREACH(kid, &bus->bus.children, sibling) {
         qdevs[num++] = kid->child;
diff --git a/hw/ppc/virtex_ml507.c b/hw/ppc/virtex_ml507.c
index fdbcf22a0c..1efea10cbd 100644
--- a/hw/ppc/virtex_ml507.c
+++ b/hw/ppc/virtex_ml507.c
@@ -108,7 +108,7 @@  static PowerPCCPU *ppc440_init_xilinx(ram_addr_t *ram_size,
     ppc_dcr_init(env, NULL, NULL);
 
     /* interrupt controller */
-    irqs = g_malloc0(sizeof(qemu_irq) * PPCUIC_OUTPUT_NB);
+    irqs = g_new0(qemu_irq, PPCUIC_OUTPUT_NB);
     irqs[PPCUIC_OUTPUT_INT] = ((qemu_irq *)env->irq_inputs)[PPC40x_INPUT_INT];
     irqs[PPCUIC_OUTPUT_CINT] = ((qemu_irq *)env->irq_inputs)[PPC40x_INPUT_CINT];
     ppcuic_init(env, irqs, 0x0C0, 0, 1);
diff --git a/hw/s390x/css.c b/hw/s390x/css.c
index 1e2f26b65a..e7e095ce1d 100644
--- a/hw/s390x/css.c
+++ b/hw/s390x/css.c
@@ -147,7 +147,7 @@  int css_create_css_image(uint8_t cssid, bool default_image)
     if (channel_subsys.css[cssid]) {
         return -EBUSY;
     }
-    channel_subsys.css[cssid] = g_malloc0(sizeof(CssImage));
+    channel_subsys.css[cssid] = g_new0(CssImage, 1);
     if (default_image) {
         channel_subsys.default_cssid = cssid;
     }
@@ -1221,7 +1221,7 @@  void css_undo_stcrw(CRW *crw)
 {
     CrwContainer *crw_cont;
 
-    crw_cont = g_try_malloc0(sizeof(CrwContainer));
+    crw_cont = g_try_new0(CrwContainer, 1);
     if (!crw_cont) {
         channel_subsys.crws_lost = true;
         return;
@@ -1628,7 +1628,7 @@  void css_subch_assign(uint8_t cssid, uint8_t ssid, uint16_t schid,
     css = channel_subsys.css[cssid];
 
     if (!css->sch_set[ssid]) {
-        css->sch_set[ssid] = g_malloc0(sizeof(SubchSet));
+        css->sch_set[ssid] = g_new0(SubchSet, 1);
     }
     s_set = css->sch_set[ssid];
 
@@ -1648,7 +1648,7 @@  void css_queue_crw(uint8_t rsc, uint8_t erc, int chain, uint16_t rsid)
 
     trace_css_crw(rsc, erc, rsid, chain ? "(chained)" : "");
     /* TODO: Maybe use a static crw pool? */
-    crw_cont = g_try_malloc0(sizeof(CrwContainer));
+    crw_cont = g_try_new0(CrwContainer, 1);
     if (!crw_cont) {
         channel_subsys.crws_lost = true;
         return;
diff --git a/hw/s390x/s390-pci-bus.c b/hw/s390x/s390-pci-bus.c
index 5651483781..339280510f 100644
--- a/hw/s390x/s390-pci-bus.c
+++ b/hw/s390x/s390-pci-bus.c
@@ -250,7 +250,7 @@  static void s390_pci_generate_event(uint8_t cc, uint16_t pec, uint32_t fh,
     SeiContainer *sei_cont;
     S390pciState *s = s390_get_phb();
 
-    sei_cont = g_malloc0(sizeof(SeiContainer));
+    sei_cont = g_new0(SeiContainer, 1);
     sei_cont->fh = fh;
     sei_cont->fid = fid;
     sei_cont->cc = cc;
@@ -419,7 +419,7 @@  static S390PCIIOMMU *s390_pci_get_iommu(S390pciState *s, PCIBus *bus,
     S390PCIIOMMU *iommu;
 
     if (!table) {
-        table = g_malloc0(sizeof(S390PCIIOMMUTable));
+        table = g_new0(S390PCIIOMMUTable, 1);
         table->key = key;
         g_hash_table_insert(s->iommu_table, &table->key, table);
     }
diff --git a/hw/sh4/r2d.c b/hw/sh4/r2d.c
index e6fc74ed87..766d9d8c84 100644
--- a/hw/sh4/r2d.c
+++ b/hw/sh4/r2d.c
@@ -186,7 +186,7 @@  static qemu_irq *r2d_fpga_init(MemoryRegion *sysmem,
 {
     r2d_fpga_t *s;
 
-    s = g_malloc0(sizeof(r2d_fpga_t));
+    s = g_new0(r2d_fpga_t, 1);
 
     s->irl = irl;
 
@@ -253,7 +253,7 @@  static void r2d_init(MachineState *machine)
     }
     env = &cpu->env;
 
-    reset_info = g_malloc0(sizeof(ResetData));
+    reset_info = g_new0(ResetData, 1);
     reset_info->cpu = cpu;
     reset_info->vector = env->pc;
     qemu_register_reset(main_cpu_reset, reset_info);
diff --git a/hw/sh4/sh7750.c b/hw/sh4/sh7750.c
index 166e4bd947..49c49c110b 100644
--- a/hw/sh4/sh7750.c
+++ b/hw/sh4/sh7750.c
@@ -728,7 +728,7 @@  SH7750State *sh7750_init(SuperHCPU *cpu, MemoryRegion *sysmem)
 {
     SH7750State *s;
 
-    s = g_malloc0(sizeof(SH7750State));
+    s = g_new0(SH7750State, 1);
     s->cpu = cpu;
     s->periph_freq = 60000000;	/* 60MHz */
     memory_region_init_io(&s->iomem, NULL, &sh7750_mem_ops, s,
diff --git a/hw/sparc/leon3.c b/hw/sparc/leon3.c
index f415997649..6b16e19c18 100644
--- a/hw/sparc/leon3.c
+++ b/hw/sparc/leon3.c
@@ -136,7 +136,7 @@  static void leon3_generic_hw_init(MachineState *machine)
     cpu_sparc_set_id(env, 0);
 
     /* Reset data */
-    reset_info        = g_malloc0(sizeof(ResetData));
+    reset_info        = g_new0(ResetData, 1);
     reset_info->cpu   = cpu;
     reset_info->sp    = 0x40000000 + ram_size;
     qemu_register_reset(main_cpu_reset, reset_info);
diff --git a/hw/sparc64/sparc64.c b/hw/sparc64/sparc64.c
index 4e4fdab065..a16fe43262 100644
--- a/hw/sparc64/sparc64.c
+++ b/hw/sparc64/sparc64.c
@@ -160,7 +160,7 @@  static CPUTimer *cpu_timer_create(const char *name, SPARCCPU *cpu,
                                   QEMUBHFunc *cb, uint32_t frequency,
                                   uint64_t disabled_mask, uint64_t npt_mask)
 {
-    CPUTimer *timer = g_malloc0(sizeof(CPUTimer));
+    CPUTimer *timer = g_new0(CPUTimer, 1);
 
     timer->name = name;
     timer->frequency = frequency;
@@ -372,7 +372,7 @@  SPARCCPU *sparc64_cpu_devinit(const char *cpu_model,
                                     hstick_frequency, TICK_INT_DIS,
                                     TICK_NPT_MASK);
 
-    reset_info = g_malloc0(sizeof(ResetData));
+    reset_info = g_new0(ResetData, 1);
     reset_info->cpu = cpu;
     reset_info->prom_addr = prom_addr;
     qemu_register_reset(main_cpu_reset, reset_info);
diff --git a/hw/timer/arm_timer.c b/hw/timer/arm_timer.c
index 98fddd7ac1..75affcb8a6 100644
--- a/hw/timer/arm_timer.c
+++ b/hw/timer/arm_timer.c
@@ -166,7 +166,7 @@  static arm_timer_state *arm_timer_init(uint32_t freq)
     arm_timer_state *s;
     QEMUBH *bh;
 
-    s = (arm_timer_state *)g_malloc0(sizeof(arm_timer_state));
+    s = g_new0(arm_timer_state, 1);
     s->freq = freq;
     s->control = TIMER_CTRL_IE;
 
diff --git a/hw/timer/grlib_gptimer.c b/hw/timer/grlib_gptimer.c
index 4ed96e970a..5f4829df94 100644
--- a/hw/timer/grlib_gptimer.c
+++ b/hw/timer/grlib_gptimer.c
@@ -355,7 +355,7 @@  static int grlib_gptimer_init(SysBusDevice *dev)
     assert(unit->nr_timers > 0);
     assert(unit->nr_timers <= GPTIMER_MAX_TIMERS);
 
-    unit->timers = g_malloc0(sizeof unit->timers[0] * unit->nr_timers);
+    unit->timers = g_new0(typeof(unit->timers[0]), unit->nr_timers);
 
     for (i = 0; i < unit->nr_timers; i++) {
         GPTimer *timer = &unit->timers[i];
diff --git a/hw/timer/sh_timer.c b/hw/timer/sh_timer.c
index 9afb2d048c..46f3eb9647 100644
--- a/hw/timer/sh_timer.c
+++ b/hw/timer/sh_timer.c
@@ -192,7 +192,7 @@  static void *sh_timer_init(uint32_t freq, int feat, qemu_irq irq)
     sh_timer_state *s;
     QEMUBH *bh;
 
-    s = (sh_timer_state *)g_malloc0(sizeof(sh_timer_state));
+    s = g_new0(sh_timer_state, 1);
     s->freq = freq;
     s->feat = feat;
     s->tcor = 0xffffffff;
@@ -313,7 +313,7 @@  void tmu012_init(MemoryRegion *sysmem, hwaddr base,
     tmu012_state *s;
     int timer_feat = (feat & TMU012_FEAT_EXTCLK) ? TIMER_FEAT_EXTCLK : 0;
 
-    s = (tmu012_state *)g_malloc0(sizeof(tmu012_state));
+    s = g_new0(tmu012_state, 1);
     s->feat = feat;
     s->timer[0] = sh_timer_init(freq, timer_feat, ch0_irq);
     s->timer[1] = sh_timer_init(freq, timer_feat, ch1_irq);
diff --git a/hw/timer/slavio_timer.c b/hw/timer/slavio_timer.c
index a8cc9c0148..6d0282a788 100644
--- a/hw/timer/slavio_timer.c
+++ b/hw/timer/slavio_timer.c
@@ -385,7 +385,7 @@  static void slavio_timer_init(Object *obj)
         uint64_t size;
         char timer_name[20];
 
-        tc = g_malloc0(sizeof(TimerContext));
+        tc = g_new0(TimerContext, 1);
         tc->s = s;
         tc->timer_index = i;
 
diff --git a/hw/timer/xilinx_timer.c b/hw/timer/xilinx_timer.c
index 59439c05be..bae78dfc7e 100644
--- a/hw/timer/xilinx_timer.c
+++ b/hw/timer/xilinx_timer.c
@@ -211,7 +211,7 @@  static void xilinx_timer_realize(DeviceState *dev, Error **errp)
     unsigned int i;
 
     /* Init all the ptimers.  */
-    t->timers = g_malloc0(sizeof t->timers[0] * num_timers(t));
+    t->timers = g_new0(typeof(t->timers[0]), num_timers(t));
     for (i = 0; i < num_timers(t); i++) {
         struct xlx_timer *xt = &t->timers[i];
 
diff --git a/hw/vfio/common.c b/hw/vfio/common.c
index b9abe77f5a..379c0b0f1c 100644
--- a/hw/vfio/common.c
+++ b/hw/vfio/common.c
@@ -687,7 +687,7 @@  static int vfio_setup_region_sparse_mmaps(VFIORegion *region,
     }
 
     region->nr_mmaps = j;
-    region->mmaps = g_realloc(region->mmaps, j * sizeof(VFIOMmap));
+    region->mmaps = g_renew(VFIOMmap, region->mmaps, j);
 
     return 0;
 }
diff --git a/hw/vfio/pci.c b/hw/vfio/pci.c
index 32aca77701..4d9403ba3f 100644
--- a/hw/vfio/pci.c
+++ b/hw/vfio/pci.c
@@ -1434,8 +1434,8 @@  static int vfio_msix_setup(VFIOPCIDevice *vdev, int pos, Error **errp)
     int ret;
     Error *err = NULL;
 
-    vdev->msix->pending = g_malloc0(BITS_TO_LONGS(vdev->msix->entries) *
-                                    sizeof(unsigned long));
+    vdev->msix->pending = g_new0(unsigned long,
+                                 BITS_TO_LONGS(vdev->msix->entries));
     ret = msix_init(&vdev->pdev, vdev->msix->entries,
                     vdev->bars[vdev->msix->table_bar].region.mem,
                     vdev->msix->table_bar, vdev->msix->table_offset,
diff --git a/hw/vfio/platform.c b/hw/vfio/platform.c
index a4663c918e..da9478c201 100644
--- a/hw/vfio/platform.c
+++ b/hw/vfio/platform.c
@@ -65,7 +65,7 @@  static VFIOINTp *vfio_init_intp(VFIODevice *vbasedev,
     sysbus_init_irq(sbdev, &intp->qemuirq);
 
     /* Get an eventfd for trigger */
-    intp->interrupt = g_malloc0(sizeof(EventNotifier));
+    intp->interrupt = g_new0(EventNotifier, 1);
     ret = event_notifier_init(intp->interrupt, 0);
     if (ret) {
         g_free(intp->interrupt);
@@ -76,7 +76,7 @@  static VFIOINTp *vfio_init_intp(VFIODevice *vbasedev,
     }
     if (vfio_irq_is_automasked(intp)) {
         /* Get an eventfd for resample/unmask */
-        intp->unmask = g_malloc0(sizeof(EventNotifier));
+        intp->unmask = g_new0(EventNotifier, 1);
         ret = event_notifier_init(intp->unmask, 0);
         if (ret) {
             g_free(intp->interrupt);
diff --git a/hw/virtio/virtio-crypto.c b/hw/virtio/virtio-crypto.c
index 0353eb6d5d..1054139f6d 100644
--- a/hw/virtio/virtio-crypto.c
+++ b/hw/virtio/virtio-crypto.c
@@ -793,7 +793,7 @@  static void virtio_crypto_device_realize(DeviceState *dev, Error **errp)
 
     virtio_init(vdev, "virtio-crypto", VIRTIO_ID_CRYPTO, vcrypto->config_size);
     vcrypto->curr_queues = 1;
-    vcrypto->vqs = g_malloc0(sizeof(VirtIOCryptoQueue) * vcrypto->max_queues);
+    vcrypto->vqs = g_new0(VirtIOCryptoQueue, vcrypto->max_queues);
     for (i = 0; i < vcrypto->max_queues; i++) {
         vcrypto->vqs[i].dataq =
                  virtio_add_queue(vdev, 1024, virtio_crypto_handle_dataq_bh);
diff --git a/hw/virtio/virtio-pci.c b/hw/virtio/virtio-pci.c
index f9b7244808..ae703ac1a2 100644
--- a/hw/virtio/virtio-pci.c
+++ b/hw/virtio/virtio-pci.c
@@ -1033,8 +1033,8 @@  static int virtio_pci_set_guest_notifiers(DeviceState *d, int nvqs, bool assign)
     if ((with_irqfd || k->guest_notifier_mask) && assign) {
         if (with_irqfd) {
             proxy->vector_irqfd =
-                g_malloc0(sizeof(*proxy->vector_irqfd) *
-                          msix_nr_vectors_allocated(&proxy->pci_dev));
+                g_new0(typeof(*proxy->vector_irqfd),
+                       msix_nr_vectors_allocated(&proxy->pci_dev));
             r = kvm_virtio_pci_vector_use(proxy, nvqs);
             if (r < 0) {
                 goto assign_error;
diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c
index 464947f76d..7090ff72f2 100644
--- a/hw/virtio/virtio.c
+++ b/hw/virtio/virtio.c
@@ -2238,7 +2238,7 @@  void virtio_init(VirtIODevice *vdev, const char *name,
 
     if (nvectors) {
         vdev->vector_queues =
-            g_malloc0(sizeof(*vdev->vector_queues) * nvectors);
+            g_new0(typeof(*vdev->vector_queues), nvectors);
     }
 
     vdev->device_id = device_id;
@@ -2246,7 +2246,7 @@  void virtio_init(VirtIODevice *vdev, const char *name,
     atomic_set(&vdev->isr, 0);
     vdev->queue_sel = 0;
     vdev->config_vector = VIRTIO_NO_VECTOR;
-    vdev->vq = g_malloc0(sizeof(VirtQueue) * VIRTIO_QUEUE_MAX);
+    vdev->vq = g_new0(VirtQueue, VIRTIO_QUEUE_MAX);
     vdev->vm_running = runstate_is_running();
     vdev->broken = false;
     for (i = 0; i < VIRTIO_QUEUE_MAX; i++) {
diff --git a/hw/xtensa/xtfpga.c b/hw/xtensa/xtfpga.c
index d5ac080d4a..300a2d9fe8 100644
--- a/hw/xtensa/xtfpga.c
+++ b/hw/xtensa/xtfpga.c
@@ -115,7 +115,7 @@  static const MemoryRegionOps lx60_fpga_ops = {
 static Lx60FpgaState *lx60_fpga_init(MemoryRegion *address_space,
         hwaddr base)
 {
-    Lx60FpgaState *s = g_malloc(sizeof(Lx60FpgaState));
+    Lx60FpgaState *s = g_new(Lx60FpgaState, 1);
 
     memory_region_init_io(&s->iomem, NULL, &lx60_fpga_ops, s,
             "lx60.fpga", 0x10000);
diff --git a/kvm-all.c b/kvm-all.c
index 7df27c8522..c33601ad1f 100644
--- a/kvm-all.c
+++ b/kvm-all.c
@@ -957,7 +957,7 @@  void kvm_memory_listener_register(KVMState *s, KVMMemoryListener *kml,
 {
     int i;
 
-    kml->slots = g_malloc0(s->nr_slots * sizeof(KVMSlot));
+    kml->slots = g_new0(KVMSlot, s->nr_slots);
     kml->as_id = as_id;
 
     for (i = 0; i < s->nr_slots; i++) {
@@ -1229,7 +1229,7 @@  int kvm_irqchip_send_msi(KVMState *s, MSIMessage msg)
             return virq;
         }
 
-        route = g_malloc0(sizeof(KVMMSIRoute));
+        route = g_new0(KVMMSIRoute, 1);
         route->kroute.gsi = virq;
         route->kroute.type = KVM_IRQ_ROUTING_MSI;
         route->kroute.flags = 0;
diff --git a/linux-user/elfload.c b/linux-user/elfload.c
index ce77317e09..0ea3678c03 100644
--- a/linux-user/elfload.c
+++ b/linux-user/elfload.c
@@ -2056,7 +2056,7 @@  static void load_elf_image(const char *image_name, int image_fd,
 #ifdef CONFIG_USE_FDPIC
     {
         struct elf32_fdpic_loadseg *loadsegs = info->loadsegs =
-            g_malloc(sizeof(*loadsegs) * info->nsegs);
+            g_new(typeof(*loadsegs), info->nsegs);
 
         for (i = 0; i < ehdr->e_phnum; ++i) {
             switch (phdr[i].p_type) {
diff --git a/memory.c b/memory.c
index 0ddc4cc28d..843be37ebd 100644
--- a/memory.c
+++ b/memory.c
@@ -270,8 +270,8 @@  static void flatview_insert(FlatView *view, unsigned pos, FlatRange *range)
 {
     if (view->nr == view->nr_allocated) {
         view->nr_allocated = MAX(2 * view->nr, 10);
-        view->ranges = g_realloc(view->ranges,
-                                    view->nr_allocated * sizeof(*view->ranges));
+        view->ranges = g_renew(typeof(*view->ranges), view->ranges,
+                               view->nr_allocated);
     }
     memmove(view->ranges + pos + 1, view->ranges + pos,
             (view->nr - pos) * sizeof(FlatRange));
@@ -792,8 +792,8 @@  static void address_space_update_ioeventfds(AddressSpace *as)
                                              int128_make64(fr->offset_in_region)));
             if (addrrange_intersects(fr->addr, tmp)) {
                 ++ioeventfd_nb;
-                ioeventfds = g_realloc(ioeventfds,
-                                          ioeventfd_nb * sizeof(*ioeventfds));
+                ioeventfds = g_renew(typeof(*ioeventfds), ioeventfds,
+                                     ioeventfd_nb);
                 ioeventfds[ioeventfd_nb-1] = fr->mr->ioeventfds[i];
                 ioeventfds[ioeventfd_nb-1].addr = tmp;
             }
@@ -2028,8 +2028,8 @@  void memory_region_add_eventfd(MemoryRegion *mr,
         }
     }
     ++mr->ioeventfd_nb;
-    mr->ioeventfds = g_realloc(mr->ioeventfds,
-                                  sizeof(*mr->ioeventfds) * mr->ioeventfd_nb);
+    mr->ioeventfds = g_renew(typeof(*mr->ioeventfds), mr->ioeventfds,
+                             mr->ioeventfd_nb);
     memmove(&mr->ioeventfds[i+1], &mr->ioeventfds[i],
             sizeof(*mr->ioeventfds) * (mr->ioeventfd_nb-1 - i));
     mr->ioeventfds[i] = mrfd;
diff --git a/memory_mapping.c b/memory_mapping.c
index a5d38552a6..9c78b41363 100644
--- a/memory_mapping.c
+++ b/memory_mapping.c
@@ -43,7 +43,7 @@  static void create_new_memory_mapping(MemoryMappingList *list,
 {
     MemoryMapping *memory_mapping;
 
-    memory_mapping = g_malloc(sizeof(MemoryMapping));
+    memory_mapping = g_new(MemoryMapping, 1);
     memory_mapping->phys_addr = phys_addr;
     memory_mapping->virt_addr = virt_addr;
     memory_mapping->length = length;
diff --git a/migration/block.c b/migration/block.c
index 4d8c2e94b9..0109d15060 100644
--- a/migration/block.c
+++ b/migration/block.c
@@ -406,7 +406,7 @@  static int init_blk_migration(QEMUFile *f)
     for (bs = bdrv_first(&it); bs; bs = bdrv_next(&it)) {
         num_bs++;
     }
-    bmds_bs = g_malloc0(num_bs * sizeof(*bmds_bs));
+    bmds_bs = g_new0(typeof(*bmds_bs), num_bs);
 
     for (i = 0, bs = bdrv_first(&it); bs; bs = bdrv_next(&it), i++) {
         if (bdrv_is_read_only(bs)) {
diff --git a/migration/postcopy-ram.c b/migration/postcopy-ram.c
index 9c4188724e..34a10a78d1 100644
--- a/migration/postcopy-ram.c
+++ b/migration/postcopy-ram.c
@@ -731,7 +731,7 @@  void *postcopy_get_tmp_page(MigrationIncomingState *mis)
 PostcopyDiscardState *postcopy_discard_send_init(MigrationState *ms,
                                                  const char *name)
 {
-    PostcopyDiscardState *res = g_malloc0(sizeof(PostcopyDiscardState));
+    PostcopyDiscardState *res = g_new0(PostcopyDiscardState, 1);
 
     if (res) {
         res->ramblock_name = name;
diff --git a/migration/ram.c b/migration/ram.c
index f387e9cc5b..471d0c3dfe 100644
--- a/migration/ram.c
+++ b/migration/ram.c
@@ -1250,7 +1250,7 @@  int ram_save_queue_pages(const char *rbname, ram_addr_t start, ram_addr_t len)
     }
 
     struct RAMSrcPageRequest *new_entry =
-        g_malloc0(sizeof(struct RAMSrcPageRequest));
+        g_new0(struct RAMSrcPageRequest, 1);
     new_entry->rb = ramblock;
     new_entry->offset = start;
     new_entry->len = len;
diff --git a/monitor.c b/monitor.c
index 1e63ace2d4..e9fb75db73 100644
--- a/monitor.c
+++ b/monitor.c
@@ -1929,7 +1929,7 @@  void qmp_getfd(const char *fdname, Error **errp)
         return;
     }
 
-    monfd = g_malloc0(sizeof(mon_fd_t));
+    monfd = g_new0(mon_fd_t, 1);
     monfd->name = g_strdup(fdname);
     monfd->fd = fd;
 
diff --git a/nbd/server.c b/nbd/server.c
index 924a1fe2db..f807551e1e 100644
--- a/nbd/server.c
+++ b/nbd/server.c
@@ -890,7 +890,7 @@  NBDExport *nbd_export_new(BlockDriverState *bs, off_t dev_offset, off_t size,
                           Error **errp)
 {
     BlockBackend *blk;
-    NBDExport *exp = g_malloc0(sizeof(NBDExport));
+    NBDExport *exp = g_new0(NBDExport, 1);
     uint64_t perm;
     int ret;
 
@@ -1402,7 +1402,7 @@  void nbd_client_new(NBDExport *exp,
     NBDClient *client;
     NBDClientNewData *data = g_new(NBDClientNewData, 1);
 
-    client = g_malloc0(sizeof(NBDClient));
+    client = g_new0(NBDClient, 1);
     client->refcount = 1;
     client->exp = exp;
     client->tlscreds = tlscreds;
diff --git a/net/slirp.c b/net/slirp.c
index 6a6d727999..f9a95710a1 100644
--- a/net/slirp.c
+++ b/net/slirp.c
@@ -832,7 +832,7 @@  static const char **slirp_dnssearch(const StringList *dnsname)
         return NULL;
     }
 
-    ret = g_malloc((num_opts + 1) * sizeof(*ret));
+    ret = g_new(typeof(*ret), num_opts + 1);
     c = dnsname;
     while (c) {
         ret[i++] = c->value->str;
diff --git a/qga/commands-win32.c b/qga/commands-win32.c
index 439d229225..f61aebe7cc 100644
--- a/qga/commands-win32.c
+++ b/qga/commands-win32.c
@@ -874,7 +874,7 @@  qmp_guest_fstrim(bool has_minimum, int64_t minimum, Error **errp)
             continue;
         }
 
-        uc_path = g_malloc(sizeof(WCHAR) * char_count);
+        uc_path = g_new(WCHAR, char_count);
         if (!GetVolumePathNamesForVolumeNameW(guid, uc_path, char_count,
                                               &char_count) || !*uc_path) {
             /* strange, but this condition could be faced even with size == 2 */
diff --git a/qga/commands.c b/qga/commands.c
index 3333ed50b2..33102a2838 100644
--- a/qga/commands.c
+++ b/qga/commands.c
@@ -239,7 +239,7 @@  static char **guest_exec_get_args(const strList *entry, bool log)
 
     str = g_malloc(str_size);
     *str = 0;
-    args = g_malloc(count * sizeof(char *));
+    args = g_new(char *, count);
     for (it = entry; it != NULL; it = it->next) {
         args[i++] = it->value;
         pstrcat(str, str_size, it->value);
diff --git a/qmp.c b/qmp.c
index 7ee9bcfdcf..fb5fd32db6 100644
--- a/qmp.c
+++ b/qmp.c
@@ -242,7 +242,7 @@  ObjectPropertyInfoList *qmp_qom_list(const char *path, Error **errp)
     while ((prop = object_property_iter_next(&iter))) {
         ObjectPropertyInfoList *entry = g_malloc0(sizeof(*entry));
 
-        entry->value = g_malloc0(sizeof(ObjectPropertyInfo));
+        entry->value = g_new0(ObjectPropertyInfo, 1);
         entry->next = props;
         props = entry;
 
diff --git a/qobject/json-parser.c b/qobject/json-parser.c
index c18e48ab94..19fdac5429 100644
--- a/qobject/json-parser.c
+++ b/qobject/json-parser.c
@@ -246,7 +246,7 @@  static JSONParserContext *parser_context_new(GQueue *tokens)
         return NULL;
     }
 
-    ctxt = g_malloc0(sizeof(JSONParserContext));
+    ctxt = g_new0(JSONParserContext, 1);
     ctxt->buf = tokens;
 
     return ctxt;
diff --git a/replay/replay-char.c b/replay/replay-char.c
index cbf7c04a9f..07a1c97cc9 100755
--- a/replay/replay-char.c
+++ b/replay/replay-char.c
@@ -44,14 +44,14 @@  void replay_register_char_driver(Chardev *chr)
     if (replay_mode == REPLAY_MODE_NONE) {
         return;
     }
-    char_drivers = g_realloc(char_drivers,
-                             sizeof(*char_drivers) * (drivers_count + 1));
+    char_drivers = g_renew(typeof(*char_drivers), char_drivers,
+                           drivers_count + 1);
     char_drivers[drivers_count++] = chr;
 }
 
 void replay_chr_be_write(Chardev *s, uint8_t *buf, int len)
 {
-    CharEvent *event = g_malloc0(sizeof(CharEvent));
+    CharEvent *event = g_new0(CharEvent, 1);
 
     event->id = find_char_driver(s);
     if (event->id < 0) {
@@ -86,7 +86,7 @@  void replay_event_char_read_save(void *opaque)
 
 void *replay_event_char_read_load(void)
 {
-    CharEvent *event = g_malloc0(sizeof(CharEvent));
+    CharEvent *event = g_new0(CharEvent, 1);
 
     event->id = replay_get_byte();
     replay_get_array_alloc(&event->buf, &event->len);
diff --git a/replay/replay-events.c b/replay/replay-events.c
index 94a6dcccfc..c72dcaa708 100644
--- a/replay/replay-events.c
+++ b/replay/replay-events.c
@@ -128,7 +128,7 @@  void replay_add_event(ReplayAsyncEventKind event_kind,
         return;
     }
 
-    Event *event = g_malloc0(sizeof(Event));
+    Event *event = g_new0(Event, 1);
     event->event_kind = event_kind;
     event->opaque = opaque;
     event->opaque2 = opaque2;
@@ -239,17 +239,17 @@  static Event *replay_read_event(int checkpoint)
         }
         break;
     case REPLAY_ASYNC_EVENT_INPUT:
-        event = g_malloc0(sizeof(Event));
+        event = g_new0(Event, 1);
         event->event_kind = read_event_kind;
         event->opaque = replay_read_input_event();
         return event;
     case REPLAY_ASYNC_EVENT_INPUT_SYNC:
-        event = g_malloc0(sizeof(Event));
+        event = g_new0(Event, 1);
         event->event_kind = read_event_kind;
         event->opaque = 0;
         return event;
     case REPLAY_ASYNC_EVENT_CHAR_READ:
-        event = g_malloc0(sizeof(Event));
+        event = g_new0(Event, 1);
         event->event_kind = read_event_kind;
         event->opaque = replay_event_char_read_load();
         return event;
@@ -259,7 +259,7 @@  static Event *replay_read_event(int checkpoint)
         }
         break;
     case REPLAY_ASYNC_EVENT_NET:
-        event = g_malloc0(sizeof(Event));
+        event = g_new0(Event, 1);
         event->event_kind = read_event_kind;
         event->opaque = replay_event_net_load();
         return event;
diff --git a/replay/replay-net.c b/replay/replay-net.c
index 80b7054156..676a2365b4 100644
--- a/replay/replay-net.c
+++ b/replay/replay-net.c
@@ -38,9 +38,8 @@  ReplayNetState *replay_register_net(NetFilterState *nfs)
     ReplayNetState *rns = g_new0(ReplayNetState, 1);
     rns->nfs = nfs;
     rns->id = network_filters_count++;
-    network_filters = g_realloc(network_filters,
-                                network_filters_count
-                                    * sizeof(*network_filters));
+    network_filters = g_renew(typeof(*network_filters), network_filters,
+                              network_filters_count);
     network_filters[network_filters_count - 1] = nfs;
     return rns;
 }
diff --git a/slirp/dnssearch.c b/slirp/dnssearch.c
index 8fb563321b..557c6944c0 100644
--- a/slirp/dnssearch.c
+++ b/slirp/dnssearch.c
@@ -249,7 +249,7 @@  int translate_dnssearch(Slirp *s, const char **names)
         return -2;
     }
 
-    domains = g_malloc(num_domains * sizeof(*domains));
+    domains = g_new(typeof(*domains), num_domains);
 
     for (i = 0; i < num_domains; i++) {
         size_t nlen = strlen(names[i]);
@@ -262,7 +262,7 @@  int translate_dnssearch(Slirp *s, const char **names)
 
     /* reserve extra 2 header bytes for each 255 bytes of output */
     memreq += DIV_ROUND_UP(memreq, MAX_OPT_LEN) * OPT_HEADER_LEN;
-    result = g_malloc(memreq * sizeof(*result));
+    result = g_new(typeof(*result), memreq);
 
     outptr = result;
     for (i = 0; i < num_domains; i++) {
diff --git a/slirp/slirp.c b/slirp/slirp.c
index e79345bdfc..3e8db3b46c 100644
--- a/slirp/slirp.c
+++ b/slirp/slirp.c
@@ -282,7 +282,7 @@  Slirp *slirp_init(int restricted, bool in_enabled, struct in_addr vnetwork,
                   struct in6_addr vnameserver6, const char **vdnssearch,
                   void *opaque)
 {
-    Slirp *slirp = g_malloc0(sizeof(Slirp));
+    Slirp *slirp = g_new0(Slirp, 1);
 
     slirp_init_once();
 
diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index ffb5267162..710a3290bd 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -3809,7 +3809,7 @@  static GuestPanicInformation *x86_cpu_get_crash_info(CPUState *cs)
     GuestPanicInformation *panic_info = NULL;
 
     if (env->features[FEAT_HYPERV_EDX] & HV_X64_GUEST_CRASH_MSR_AVAILABLE) {
-        panic_info = g_malloc0(sizeof(GuestPanicInformation));
+        panic_info = g_new0(GuestPanicInformation, 1);
 
         panic_info->type = GUEST_PANIC_INFORMATION_TYPE_HYPER_V;
 
diff --git a/target/mips/translate_init.c b/target/mips/translate_init.c
index 6ae23e476f..91791ef9ec 100644
--- a/target/mips/translate_init.c
+++ b/target/mips/translate_init.c
@@ -855,7 +855,7 @@  static void mmu_init (CPUMIPSState *env, const mips_def_t *def)
 {
     MIPSCPU *cpu = mips_env_get_cpu(env);
 
-    env->tlb = g_malloc0(sizeof(CPUMIPSTLBContext));
+    env->tlb = g_new0(CPUMIPSTLBContext, 1);
 
     switch (def->mmu_type) {
         case MMU_TYPE_NONE:
@@ -888,7 +888,7 @@  static void fpu_init (CPUMIPSState *env, const mips_def_t *def)
 
 static void mvp_init (CPUMIPSState *env, const mips_def_t *def)
 {
-    env->mvp = g_malloc0(sizeof(CPUMIPSMVPContext));
+    env->mvp = g_new0(CPUMIPSMVPContext, 1);
 
     /* MVPConf1 implemented, TLB sharable, no gating storage support,
        programmable cache partitioning implemented, number of allocatable
diff --git a/target/openrisc/mmu.c b/target/openrisc/mmu.c
index ce2a29dd1a..4789a35b67 100644
--- a/target/openrisc/mmu.c
+++ b/target/openrisc/mmu.c
@@ -247,7 +247,7 @@  hwaddr openrisc_cpu_get_phys_page_debug(CPUState *cs, vaddr addr)
 
 void cpu_openrisc_mmu_init(OpenRISCCPU *cpu)
 {
-    cpu->env.tlb = g_malloc0(sizeof(CPUOpenRISCTLBContext));
+    cpu->env.tlb = g_new0(CPUOpenRISCTLBContext, 1);
 
     cpu->env.tlb->cpu_openrisc_map_address_code = &cpu_openrisc_get_phys_nommu;
     cpu->env.tlb->cpu_openrisc_map_address_data = &cpu_openrisc_get_phys_nommu;
diff --git a/target/ppc/translate_init.c b/target/ppc/translate_init.c
index 56a0ab22cf..150d0b00e2 100644
--- a/target/ppc/translate_init.c
+++ b/target/ppc/translate_init.c
@@ -9225,13 +9225,13 @@  static void init_ppc_proc(PowerPCCPU *cpu)
             nb_tlb *= 2;
         switch (env->tlb_type) {
         case TLB_6XX:
-            env->tlb.tlb6 = g_malloc0(nb_tlb * sizeof(ppc6xx_tlb_t));
+            env->tlb.tlb6 = g_new0(ppc6xx_tlb_t, nb_tlb);
             break;
         case TLB_EMB:
-            env->tlb.tlbe = g_malloc0(nb_tlb * sizeof(ppcemb_tlb_t));
+            env->tlb.tlbe = g_new0(ppcemb_tlb_t, nb_tlb);
             break;
         case TLB_MAS:
-            env->tlb.tlbm = g_malloc0(nb_tlb * sizeof(ppcmas_tlb_t));
+            env->tlb.tlbm = g_new0(ppcmas_tlb_t, nb_tlb);
             break;
         }
         /* Pre-compute some useful values */
diff --git a/target/s390x/misc_helper.c b/target/s390x/misc_helper.c
index 1b9f448875..96e8612003 100644
--- a/target/s390x/misc_helper.c
+++ b/target/s390x/misc_helper.c
@@ -237,7 +237,7 @@  void handle_diag_308(CPUS390XState *env, uint64_t r1, uint64_t r3)
             program_interrupt(env, PGM_ADDRESSING, ILEN_LATER_INC);
             return;
         }
-        iplb = g_malloc0(sizeof(IplParameterBlock));
+        iplb = g_new0(IplParameterBlock, 1);
         cpu_physical_memory_read(addr, iplb, sizeof(iplb->len));
         if (!iplb_valid_len(iplb)) {
             env->regs[r1 + 1] = DIAG_308_RC_INVALID;
diff --git a/target/s390x/mmu_helper.c b/target/s390x/mmu_helper.c
index b11a02706c..c91f63e397 100644
--- a/target/s390x/mmu_helper.c
+++ b/target/s390x/mmu_helper.c
@@ -479,7 +479,7 @@  int s390_cpu_virt_mem_rw(S390CPU *cpu, vaddr laddr, uint8_t ar, void *hostbuf,
 
     nr_pages = (((laddr & ~TARGET_PAGE_MASK) + len - 1) >> TARGET_PAGE_BITS)
                + 1;
-    pages = g_malloc(nr_pages * sizeof(*pages));
+    pages = g_new(typeof(*pages), nr_pages);
 
     ret = translate_pages(cpu, laddr, nr_pages, pages, is_write);
     if (ret == 0 && hostbuf != NULL) {
diff --git a/tcg/tcg.c b/tcg/tcg.c
index 564292f54d..661ddce55b 100644
--- a/tcg/tcg.c
+++ b/tcg/tcg.c
@@ -343,8 +343,8 @@  void tcg_context_init(TCGContext *s)
         total_args += n;
     }
 
-    args_ct = g_malloc(sizeof(TCGArgConstraint) * total_args);
-    sorted_args = g_malloc(sizeof(int) * total_args);
+    args_ct = g_new(TCGArgConstraint, total_args);
+    sorted_args = g_new(int, total_args);
 
     for(op = 0; op < NB_OPS; op++) {
         def = &tcg_op_defs[op];
diff --git a/tests/ahci-test.c b/tests/ahci-test.c
index ef17629345..964e5155c5 100644
--- a/tests/ahci-test.c
+++ b/tests/ahci-test.c
@@ -155,7 +155,7 @@  static AHCIQState *ahci_vboot(const char *cli, va_list ap)
 {
     AHCIQState *s;
 
-    s = g_malloc0(sizeof(AHCIQState));
+    s = g_new0(AHCIQState, 1);
     s->parent = qtest_pc_vboot(cli, ap);
     alloc_set_flags(s->parent->alloc, ALLOC_LEAK_ASSERT);
 
diff --git a/tests/fw_cfg-test.c b/tests/fw_cfg-test.c
index 688342bed5..81f45bdfc8 100644
--- a/tests/fw_cfg-test.c
+++ b/tests/fw_cfg-test.c
@@ -79,8 +79,8 @@  static void test_fw_cfg_numa(void)
 
     g_assert_cmpint(qfw_cfg_get_u64(fw_cfg, FW_CFG_NUMA), ==, nb_nodes);
 
-    cpu_mask = g_malloc0(sizeof(uint64_t) * max_cpus);
-    node_mask = g_malloc0(sizeof(uint64_t) * nb_nodes);
+    cpu_mask = g_new0(uint64_t, max_cpus);
+    node_mask = g_new0(uint64_t, nb_nodes);
 
     qfw_cfg_read_data(fw_cfg, cpu_mask, sizeof(uint64_t) * max_cpus);
     qfw_cfg_read_data(fw_cfg, node_mask, sizeof(uint64_t) * nb_nodes);
diff --git a/tests/libqos/ahci.c b/tests/libqos/ahci.c
index 1ca7f456b5..13c0749582 100644
--- a/tests/libqos/ahci.c
+++ b/tests/libqos/ahci.c
@@ -843,7 +843,7 @@  AHCICommand *ahci_command_create(uint8_t command_name)
     AHCICommand *cmd;
 
     g_assert(props);
-    cmd = g_malloc0(sizeof(AHCICommand));
+    cmd = g_new0(AHCICommand, 1);
     g_assert(!(props->dma && props->pio));
     g_assert(!(props->lba28 && props->lba48));
     g_assert(!(props->read && props->write));
diff --git a/tests/libqos/libqos.c b/tests/libqos/libqos.c
index 6226546c28..991bc1aec2 100644
--- a/tests/libqos/libqos.c
+++ b/tests/libqos/libqos.c
@@ -17,7 +17,7 @@  QOSState *qtest_vboot(QOSOps *ops, const char *cmdline_fmt, va_list ap)
 {
     char *cmdline;
 
-    struct QOSState *qs = g_malloc(sizeof(QOSState));
+    struct QOSState *qs = g_new(QOSState, 1);
 
     cmdline = g_strdup_vprintf(cmdline_fmt, ap);
     qs->qts = qtest_start(cmdline);
diff --git a/tests/libqos/malloc.c b/tests/libqos/malloc.c
index b8eff5f495..ac05874b0a 100644
--- a/tests/libqos/malloc.c
+++ b/tests/libqos/malloc.c
@@ -129,7 +129,7 @@  static MemBlock *mlist_new(uint64_t addr, uint64_t size)
     if (!size) {
         return NULL;
     }
-    block = g_malloc0(sizeof(MemBlock));
+    block = g_new0(MemBlock, 1);
 
     block->addr = addr;
     block->size = size;
@@ -305,8 +305,8 @@  QGuestAllocator *alloc_init(uint64_t start, uint64_t end)
     s->start = start;
     s->end = end;
 
-    s->used = g_malloc(sizeof(MemList));
-    s->free = g_malloc(sizeof(MemList));
+    s->used = g_new(MemList, 1);
+    s->free = g_new(MemList, 1);
     QTAILQ_INIT(s->used);
     QTAILQ_INIT(s->free);
 
diff --git a/tests/pc-cpu-test.c b/tests/pc-cpu-test.c
index c4211a4e85..11d3e810ef 100644
--- a/tests/pc-cpu-test.c
+++ b/tests/pc-cpu-test.c
@@ -87,7 +87,7 @@  static void add_pc_test_case(const char *mname)
     if (!g_str_has_prefix(mname, "pc-")) {
         return;
     }
-    data = g_malloc(sizeof(PCTestData));
+    data = g_new(PCTestData, 1);
     data->machine = g_strdup(mname);
     data->cpu_model = "Haswell"; /* 1.3+ theoretically */
     data->sockets = 1;
diff --git a/tests/qht-bench.c b/tests/qht-bench.c
index 2afa09d859..4e635ae0df 100644
--- a/tests/qht-bench.c
+++ b/tests/qht-bench.c
@@ -229,7 +229,7 @@  th_create_n(QemuThread **threads, struct thread_info **infos, const char *name,
     QemuThread *th;
     int i;
 
-    th = g_malloc(sizeof(*th) * n);
+    th = g_new(typeof(*th), n);
     *threads = th;
 
     info = qemu_memalign(64, sizeof(*info) * n);
@@ -287,7 +287,7 @@  static void htable_init(void)
     size_t i;
 
     /* avoid allocating memory later by allocating all the keys now */
-    keys = g_malloc(sizeof(*keys) * n);
+    keys = g_new(typeof(*keys), n);
     for (i = 0; i < n; i++) {
         keys[i] = populate_offset + i;
     }
diff --git a/tests/test-hbitmap.c b/tests/test-hbitmap.c
index 23773d2051..2a8add5a56 100644
--- a/tests/test-hbitmap.c
+++ b/tests/test-hbitmap.c
@@ -122,7 +122,7 @@  static void hbitmap_test_truncate_impl(TestHBitmapData *data,
 
     n = hbitmap_test_array_size(size);
     m = hbitmap_test_array_size(data->old_size);
-    data->bits = g_realloc(data->bits, sizeof(unsigned long) * n);
+    data->bits = g_renew(unsigned long, data->bits, n);
     if (n > m) {
         memset(&data->bits[m], 0x00, sizeof(unsigned long) * (n - m));
     }
diff --git a/tests/test-iov.c b/tests/test-iov.c
index fa3d75aee1..e1d39f4d47 100644
--- a/tests/test-iov.c
+++ b/tests/test-iov.c
@@ -7,7 +7,7 @@ 
 static void iov_random(struct iovec **iovp, unsigned *iov_cntp)
 {
      unsigned niov = g_test_rand_int_range(3,8);
-     struct iovec *iov = g_malloc(niov * sizeof(*iov));
+     struct iovec *iov = g_new(typeof(*iov), niov);
      unsigned i;
      for (i = 0; i < niov; ++i) {
          iov[i].iov_len = g_test_rand_int_range(5,20);
diff --git a/tests/test-qmp-commands.c b/tests/test-qmp-commands.c
index acdded4d67..6d739ad339 100644
--- a/tests/test-qmp-commands.c
+++ b/tests/test-qmp-commands.c
@@ -28,8 +28,8 @@  UserDefTwo *qmp_user_def_cmd2(UserDefOne *ud1a,
                               Error **errp)
 {
     UserDefTwo *ret;
-    UserDefOne *ud1c = g_malloc0(sizeof(UserDefOne));
-    UserDefOne *ud1d = g_malloc0(sizeof(UserDefOne));
+    UserDefOne *ud1c = g_new0(UserDefOne, 1);
+    UserDefOne *ud1d = g_new0(UserDefOne, 1);
 
     ud1c->string = strdup(ud1a->string);
     ud1c->integer = ud1a->integer;
@@ -207,23 +207,23 @@  static void test_dealloc_types(void)
     UserDefOne *ud1test, *ud1a, *ud1b;
     UserDefOneList *ud1list;
 
-    ud1test = g_malloc0(sizeof(UserDefOne));
+    ud1test = g_new0(UserDefOne, 1);
     ud1test->integer = 42;
     ud1test->string = g_strdup("hi there 42");
 
     qapi_free_UserDefOne(ud1test);
 
-    ud1a = g_malloc0(sizeof(UserDefOne));
+    ud1a = g_new0(UserDefOne, 1);
     ud1a->integer = 43;
     ud1a->string = g_strdup("hi there 43");
 
-    ud1b = g_malloc0(sizeof(UserDefOne));
+    ud1b = g_new0(UserDefOne, 1);
     ud1b->integer = 44;
     ud1b->string = g_strdup("hi there 44");
 
-    ud1list = g_malloc0(sizeof(UserDefOneList));
+    ud1list = g_new0(UserDefOneList, 1);
     ud1list->value = ud1a;
-    ud1list->next = g_malloc0(sizeof(UserDefOneList));
+    ud1list->next = g_new0(UserDefOneList, 1);
     ud1list->next->value = ud1b;
 
     qapi_free_UserDefOneList(ud1list);
diff --git a/tests/test-qobject-output-visitor.c b/tests/test-qobject-output-visitor.c
index 4e8fdf1397..7aed8b2f30 100644
--- a/tests/test-qobject-output-visitor.c
+++ b/tests/test-qobject-output-visitor.c
@@ -367,7 +367,7 @@  static void test_visitor_out_union_flat(TestOutputVisitorData *data,
 {
     QDict *qdict;
 
-    UserDefFlatUnion *tmp = g_malloc0(sizeof(UserDefFlatUnion));
+    UserDefFlatUnion *tmp = g_new0(UserDefFlatUnion, 1);
     tmp->enum1 = ENUM_ONE_VALUE1;
     tmp->string = g_strdup("str");
     tmp->integer = 41;
diff --git a/ui/console.c b/ui/console.c
index d914cced53..8d3039aa64 100644
--- a/ui/console.c
+++ b/ui/console.c
@@ -1262,7 +1262,7 @@  static QemuConsole *new_console(DisplayState *ds, console_type_t console_type,
     s->ds = ds;
     s->console_type = console_type;
 
-    consoles = g_realloc(consoles, sizeof(*consoles) * (nb_consoles+1));
+    consoles = g_renew(typeof(*consoles), consoles, nb_consoles + 1);
     if (console_type != GRAPHIC_CONSOLE) {
         s->index = nb_consoles;
         consoles[nb_consoles++] = s;
diff --git a/ui/input-legacy.c b/ui/input-legacy.c
index 7159747404..581a41329a 100644
--- a/ui/input-legacy.c
+++ b/ui/input-legacy.c
@@ -93,7 +93,7 @@  void qmp_send_key(KeyValueList *keys, bool has_hold_time, int64_t hold_time,
     for (p = keys; p != NULL; p = p->next) {
         qemu_input_event_send_key(NULL, copy_key_value(p->value), true);
         qemu_input_event_send_key_delay(hold_time);
-        up = g_realloc(up, sizeof(*up) * (count+1));
+        up = g_renew(typeof(*up), up, count + 1);
         up[count] = copy_key_value(p->value);
         count++;
     }
diff --git a/ui/vnc-enc-tight.c b/ui/vnc-enc-tight.c
index 15a49ee53d..bf9b64f672 100644
--- a/ui/vnc-enc-tight.c
+++ b/ui/vnc-enc-tight.c
@@ -1476,7 +1476,7 @@  static int send_sub_rect(VncState *vs, int x, int y, int w, int h)
 #endif
 
     if (!color_count_palette) {
-        color_count_palette = g_malloc(sizeof(VncPalette));
+        color_count_palette = g_new(VncPalette, 1);
         vnc_tight_cleanup_notifier.notify = vnc_tight_cleanup;
         qemu_thread_atexit_add(&vnc_tight_cleanup_notifier);
     }
diff --git a/ui/vnc.c b/ui/vnc.c
index e0952441fc..f8ca4c6d7a 100644
--- a/ui/vnc.c
+++ b/ui/vnc.c
@@ -2925,7 +2925,7 @@  static void vnc_connect(VncDisplay *vd, QIOChannelSocket *sioc,
     VNC_DEBUG("Client sioc=%p ws=%d auth=%d subauth=%d\n",
               sioc, websocket, vs->auth, vs->subauth);
 
-    vs->lossy_rect = g_malloc0(VNC_STAT_ROWS * sizeof (*vs->lossy_rect));
+    vs->lossy_rect = g_new0(typeof(*vs->lossy_rect), VNC_STAT_ROWS);
     for (i = 0; i < VNC_STAT_ROWS; ++i) {
         vs->lossy_rect[i] = g_new0(uint8_t, VNC_STAT_COLS);
     }
diff --git a/util/acl.c b/util/acl.c
index c105addadc..bd80c05bb7 100644
--- a/util/acl.c
+++ b/util/acl.c
@@ -66,7 +66,7 @@  qemu_acl *qemu_acl_init(const char *aclname)
     acl->nentries = 0;
     QTAILQ_INIT(&acl->entries);
 
-    acls = g_realloc(acls, sizeof(*acls) * (nacls +1));
+    acls = g_renew(typeof(*acls), acls, nacls + 1);
     acls[nacls] = acl;
     nacls++;
 
diff --git a/util/envlist.c b/util/envlist.c
index 1eeb7fca87..0079effd9a 100644
--- a/util/envlist.c
+++ b/util/envlist.c
@@ -218,7 +218,7 @@  envlist_to_environ(const envlist_t *envlist, size_t *count)
 	struct envlist_entry *entry;
 	char **env, **penv;
 
-	penv = env = g_malloc((envlist->el_count + 1) * sizeof(char *));
+	penv = env = g_new(char *, envlist->el_count + 1);
 
 	for (entry = envlist->el_entries.lh_first; entry != NULL;
 	    entry = entry->ev_link.le_next) {
diff --git a/util/hbitmap.c b/util/hbitmap.c
index 35088e19c4..277db3ee8d 100644
--- a/util/hbitmap.c
+++ b/util/hbitmap.c
@@ -629,7 +629,7 @@  void hbitmap_truncate(HBitmap *hb, uint64_t size)
         }
         old = hb->sizes[i];
         hb->sizes[i] = size;
-        hb->levels[i] = g_realloc(hb->levels[i], size * sizeof(unsigned long));
+        hb->levels[i] = g_renew(unsigned long, hb->levels[i], size);
         if (!shrink) {
             memset(&hb->levels[i][old], 0x00,
                    (size - old) * sizeof(*hb->levels[i]));
diff --git a/util/iohandler.c b/util/iohandler.c
index 623b55b9ec..518922dcea 100644
--- a/util/iohandler.c
+++ b/util/iohandler.c
@@ -128,7 +128,7 @@  int qemu_add_child_watch(pid_t pid)
             return 1;
         }
     }
-    rec = g_malloc0(sizeof(ChildProcessRecord));
+    rec = g_new0(ChildProcessRecord, 1);
     rec->pid = pid;
     QLIST_INSERT_HEAD(&child_watches, rec, next);
     return 0;
diff --git a/util/main-loop.c b/util/main-loop.c
index 19cad6b8b6..b82f1b24d0 100644
--- a/util/main-loop.c
+++ b/util/main-loop.c
@@ -279,7 +279,7 @@  static PollingEntry *first_polling_entry;
 int qemu_add_polling_cb(PollingFunc *func, void *opaque)
 {
     PollingEntry **ppe, *pe;
-    pe = g_malloc0(sizeof(PollingEntry));
+    pe = g_new0(PollingEntry, 1);
     pe->func = func;
     pe->opaque = opaque;
     for(ppe = &first_polling_entry; *ppe != NULL; ppe = &(*ppe)->next);
diff --git a/util/qemu-timer.c b/util/qemu-timer.c
index 82d56507a2..2f4e21c482 100644
--- a/util/qemu-timer.c
+++ b/util/qemu-timer.c
@@ -102,7 +102,7 @@  QEMUTimerList *timerlist_new(QEMUClockType type,
     QEMUTimerList *timer_list;
     QEMUClock *clock = qemu_clock_ptr(type);
 
-    timer_list = g_malloc0(sizeof(QEMUTimerList));
+    timer_list = g_new0(QEMUTimerList, 1);
     qemu_event_init(&timer_list->timers_done_ev, true);
     timer_list->clock = clock;
     timer_list->notify_cb = cb;
diff --git a/vl.c b/vl.c
index be4dcf25ba..ee384bc809 100644
--- a/vl.c
+++ b/vl.c
@@ -1339,7 +1339,7 @@  static int add_semihosting_arg(void *opaque,
     if (strcmp(name, "arg") == 0) {
         s->argc++;
         /* one extra element as g_strjoinv() expects NULL-terminated array */
-        s->argv = g_realloc(s->argv, (s->argc + 1) * sizeof(void *));
+        s->argv = g_renew(const char *, s->argv, s->argc + 1);
         s->argv[s->argc - 1] = val;
         s->argv[s->argc] = NULL;
     }