diff --git a/cfg.mk b/cfg.mk
index c13db18eba..f91c90c6e8 100644
--- a/cfg.mk
+++ b/cfg.mk
@@ -316,6 +316,12 @@ sc_prohibit_internal_functions:
 	halt='use VIR_ macros instead of internal functions'		\
 	  $(_sc_search_regexp)
 
+# Avoid raw malloc and free, except in documentation comments.
+sc_prohibit_raw_allocation:
+	@prohibit='^.[^*].*\<((m|c|re)alloc|free) *\([^)]'		\
+	halt='use VIR_ macros from memory.h instead of malloc/free'	\
+	  $(_sc_search_regexp)
+
 # Avoid functions that can lead to double-close bugs.
 sc_prohibit_close:
 	@prohibit='([^>.]|^)\<[fp]?close *\('				\
@@ -737,6 +743,9 @@ exclude_file_name_regexp--sc_prohibit_newline_at_end_of_diagnostic = \
 exclude_file_name_regexp--sc_prohibit_nonreentrant = \
   ^((po|tests)/|docs/.*py$$|tools/(virsh|console)\.c$$)
 
+exclude_file_name_regexp--sc_prohibit_raw_allocation = \
+  ^(src/util/memory\.[ch]|(examples|python|tests)/.*)$$
+
 exclude_file_name_regexp--sc_prohibit_readlink = ^src/util/util\.c$$
 
 exclude_file_name_regexp--sc_prohibit_setuid = ^src/util/util\.c$$
diff --git a/src/conf/network_conf.c b/src/conf/network_conf.c
index c65c75c325..44dd70b9ed 100644
--- a/src/conf/network_conf.c
+++ b/src/conf/network_conf.c
@@ -592,7 +592,7 @@ virNetworkDNSSrvDefParseXML(virNetworkDNSDefPtr def,
         virAsprintf(&name, _("Service name is too long, limit is %d bytes"), DNS_RECORD_LENGTH_SRV);
         virNetworkReportError(VIR_ERR_XML_DETAIL,
                               "%s", name);
-        free(name);
+        VIR_FREE(name);
         goto error;
     }
 
diff --git a/src/cpu/cpu.c b/src/cpu/cpu.c
index 1f3993429e..01c31bbe39 100644
--- a/src/cpu/cpu.c
+++ b/src/cpu/cpu.c
@@ -1,7 +1,7 @@
 /*
  * cpu.c: internal functions for CPU manipulation
  *
- * Copyright (C) 2009-2011 Red Hat, Inc.
+ * Copyright (C) 2009-2012 Red Hat, Inc.
  *
  * This library is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public
@@ -220,7 +220,7 @@ cpuDataFree(const char *arch,
         return;
     }
 
-    driver->free(data);
+    (driver->free)(data);
 }
 
 
diff --git a/src/libxl/libxl_conf.c b/src/libxl/libxl_conf.c
index 24830e8e1c..62621f1f7e 100644
--- a/src/libxl/libxl_conf.c
+++ b/src/libxl/libxl_conf.c
@@ -1,6 +1,7 @@
 /*---------------------------------------------------------------------------*/
-/*  Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
- *  Copyright (C) 2011 Univention GmbH.
+/* Copyright (C) 2012 Red Hat, Inc.
+ * Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
+ * Copyright (C) 2011 Univention GmbH.
  *
  * This library is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public
@@ -466,7 +467,7 @@ libxlMakeDomBuildInfo(virDomainDefPtr def, libxl_domain_config *d_config)
         }
         if (def->os.kernel) {
             /* libxl_init_build_info() sets kernel.path = strdup("hvmloader") */
-            free(b_info->kernel.path);
+            VIR_FREE(b_info->kernel.path);
             if ((b_info->kernel.path = strdup(def->os.kernel)) == NULL) {
                 virReportOOMError();
                 goto error;
@@ -707,7 +708,7 @@ libxlMakeVfb(libxlDriverPrivatePtr driver, virDomainDefPtr def,
             listenAddr = virDomainGraphicsListenGetAddress(l_vfb, 0);
             if (listenAddr) {
                 /* libxl_device_vfb_init() does strdup("127.0.0.1") */
-                free(x_vfb->vnclisten);
+                VIR_FREE(x_vfb->vnclisten);
                 if ((x_vfb->vnclisten = strdup(listenAddr)) == NULL) {
                     virReportOOMError();
                     return -1;
@@ -827,7 +828,7 @@ libxlMakeDeviceModelInfo(virDomainDefPtr def, libxl_domain_config *d_config)
         /* HVM-specific device model info */
         dm_info->type = XENFV;
         if (def->os.nBootDevs > 0) {
-            free(dm_info->boot);
+            VIR_FREE(dm_info->boot);
             for (i = 0; i < def->os.nBootDevs; i++) {
                 switch (def->os.bootDevs[i]) {
                     case VIR_DOMAIN_BOOT_FLOPPY:
@@ -866,7 +867,7 @@ libxlMakeDeviceModelInfo(virDomainDefPtr def, libxl_domain_config *d_config)
             /* driver handles selection of free port */
             dm_info->vncunused = 0;
             if (d_config->vfbs[0].vnclisten) {
-                free(dm_info->vnclisten);
+                VIR_FREE(dm_info->vnclisten);
                 if ((dm_info->vnclisten =
                      strdup(d_config->vfbs[0].vnclisten)) == NULL) {
                     virReportOOMError();
diff --git a/src/rpc/virnetmessage.c b/src/rpc/virnetmessage.c
index 8abf5ab5bc..17ecc90eb7 100644
--- a/src/rpc/virnetmessage.c
+++ b/src/rpc/virnetmessage.c
@@ -1,7 +1,7 @@
 /*
  * virnetmessage.c: basic RPC message encoding/decoding
  *
- * Copyright (C) 2010-2011 Red Hat, Inc.
+ * Copyright (C) 2010-2012 Red Hat, Inc.
  *
  * This library is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public
@@ -466,26 +466,27 @@ void virNetMessageSaveError(virNetMessageErrorPtr rerr)
     if (rerr->code != VIR_ERR_OK)
         return;
 
+    memset(rerr, 0, sizeof(*rerr));
     virErrorPtr verr = virGetLastError();
     if (verr) {
         rerr->code = verr->code;
         rerr->domain = verr->domain;
-        rerr->message = verr->message ? malloc(sizeof(char*)) : NULL;
-        if (rerr->message) *rerr->message = strdup(verr->message);
+        if (verr->message && VIR_ALLOC(rerr->message) == 0)
+            *rerr->message = strdup(verr->message);
         rerr->level = verr->level;
-        rerr->str1 = verr->str1 ? malloc(sizeof(char*)) : NULL;
-        if (rerr->str1) *rerr->str1 = strdup(verr->str1);
-        rerr->str2 = verr->str2 ? malloc(sizeof(char*)) : NULL;
-        if (rerr->str2) *rerr->str2 = strdup(verr->str2);
-        rerr->str3 = verr->str3 ? malloc(sizeof(char*)) : NULL;
-        if (rerr->str3) *rerr->str3 = strdup(verr->str3);
+        if (verr->str1 && VIR_ALLOC(rerr->str1) == 0)
+            *rerr->str1 = strdup(verr->str1);
+        if (verr->str2 && VIR_ALLOC(rerr->str2) == 0)
+            *rerr->str2 = strdup(verr->str2);
+        if (verr->str3 && VIR_ALLOC(rerr->str3) == 0)
+            *rerr->str3 = strdup(verr->str3);
         rerr->int1 = verr->int1;
         rerr->int2 = verr->int2;
     } else {
         rerr->code = VIR_ERR_INTERNAL_ERROR;
         rerr->domain = VIR_FROM_RPC;
-        rerr->message = malloc(sizeof(char*));
-        if (rerr->message) *rerr->message = strdup(_("Library function returned error but did not set virError"));
+        if (VIR_ALLOC(rerr->message) == 0)
+            *rerr->message = strdup(_("Library function returned error but did not set virError"));
         rerr->level = VIR_ERR_ERROR;
     }
 }
diff --git a/tools/virsh.c b/tools/virsh.c
index 42985a9217..ed1dbb8d9c 100644
--- a/tools/virsh.c
+++ b/tools/virsh.c
@@ -436,9 +436,9 @@ static int parseRateStr(const char *rateStr, virNetDevBandwidthRatePtr rate);
 static void *
 _vshMalloc(vshControl *ctl, size_t size, const char *filename, int line)
 {
-    void *x;
+    char *x;
 
-    if ((x = malloc(size)))
+    if (VIR_ALLOC_N(x, size) == 0)
         return x;
     vshError(ctl, _("%s: %d: failed to allocate %d bytes"),
              filename, line, (int) size);
@@ -448,9 +448,10 @@ _vshMalloc(vshControl *ctl, size_t size, const char *filename, int line)
 static void *
 _vshCalloc(vshControl *ctl, size_t nmemb, size_t size, const char *filename, int line)
 {
-    void *x;
+    char *x;
 
-    if ((x = calloc(nmemb, size)))
+    if (!xalloc_oversized(nmemb, size) &&
+        VIR_ALLOC_N(x, nmemb * size) == 0)
         return x;
     vshError(ctl, _("%s: %d: failed to allocate %d bytes"),
              filename, line, (int) (size*nmemb));