The basic idea here is that json.c should be using xmalloc for
allocation anyway, for reasons other than size overflow checking.
I don't think Jansson can use xmalloc because xmalloc can exit nonlocally, which is not expected by a third-party library such as Jansson. It could use a suitable wrapper of lmalloc, though.