...
If this noncompliant code is compiled with GCC 3.4.6 and linked with libc 2.3.4, invoking realloc(p, 0) returns a non-null pointer to a zero-sized object (the same as malloc(0)). However, if the same code is compiled with either Microsoft Visual Studio Version 7.1 or GCC version 4.1.0, realloc(p, 0) frees the object and returns a null pointer, so a caller that treats the null return as an allocation failure and frees p itself releases the same memory twice, resulting in a double-free vulnerability.
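The portable way around this is never to hand a size of zero to realloc at all: decide what a zero-length request means before the call, and make sure the caller's error path cannot free a block that the allocator has already released. The following helper is an added example, not code from the CERT rule; the names resize_buffer and demo_resize are hypothetical. A zero-size request is treated as an explicit release, and a failed realloc leaves the caller's pointer untouched, so neither path can lead to a second free.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helper (added example): resize *bufp to nsize bytes without
 * ever calling realloc with a size of 0, so the outcome does not depend on
 * which compiler and C library are in use.
 *
 * Returns 0 on success and -1 on failure. On failure *bufp and *capp are
 * left unchanged, so the caller still owns exactly one valid block. */
int resize_buffer(char **bufp, size_t *capp, size_t nsize)
{
    char *tmp;

    if (bufp == NULL || capp == NULL) {
        return -1;
    }

    if (nsize == 0) {
        /* A zero-length request is a release: free the block exactly once
         * and null the pointer so a later free() by the caller is a no-op. */
        free(*bufp);
        *bufp = NULL;
        *capp = 0;
        return 0;
    }

    /* nsize > 0 here, so realloc either returns a valid block or NULL
     * while leaving the original block intact (realloc(NULL, n) acts as
     * malloc(n)). */
    tmp = realloc(*bufp, nsize);
    if (tmp == NULL) {
        return -1;           /* *bufp still valid; no free() here */
    }
    *bufp = tmp;
    *capp = nsize;
    return 0;
}

/* Walks the helper through grow, shrink, release and repeated release;
 * returns the number of steps that behaved as expected (4 when correct). */
int demo_resize(void)
{
    int ok = 0;
    size_t cap = 0;
    char *buf = NULL;

    /* realloc(NULL, 100) behaves like malloc(100) */
    if (resize_buffer(&buf, &cap, 100) == 0 && buf != NULL && cap == 100) ok++;
    /* shrink in place or move; either way still one owned block */
    if (resize_buffer(&buf, &cap, 50) == 0 && buf != NULL && cap == 50) ok++;
    /* zero-size request releases the block exactly once */
    if (resize_buffer(&buf, &cap, 0) == 0 && buf == NULL && cap == 0) ok++;
    /* a second zero-size request is harmless: free(NULL) is a no-op */
    if (resize_buffer(&buf, &cap, 0) == 0 && buf == NULL && cap == 0) ok++;

    return ok;
}

int main(void)
{
    printf("steps behaving as expected: %d of 4\n", demo_resize());
    return 0;
}
```

Because the helper nulls the pointer on release and never frees on a failed realloc, the "free p when realloc returns NULL" error-handling pattern that causes the double free above cannot be reached through it.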
...