It is to avoid integer overflows and to catch bogus allocations (e.g.,
the guest driver encodes an uninitialized value).
Signed-off-by: Chia-I Wu <olvaffe@gmail.com>
Reviewed-by: Ryan Neph <ryanneph@google.com>
Reviewed-by: Yiwei Zhang <zzyiwei@chromium.org>