...
However, this commonly recommended idiom has problems with zero-length allocations. If the value of nsize in this example is 0, the standard allows the option of either returning a null pointer or returning a pointer to an invalid (e.g., zero-length) object. However, the standard does not dictate what the return value should be in either case. In cases where the realloc() function frees the memory but returns a null pointer, execution of this code will result in a double-free when free() is called.
Implementation Details
Both glibc and OpenBSD return a valid pointer to a zero-sized object (the same as malloc(0)). However, the realloc() function for both Microsoft Visual Studio Version 7.1 and gcc version 4.1.0 returns a null pointer, resulting in a double free on the call to free() in this example.
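One way to keep the free-on-failure idiom while avoiding the zero-length case is to never pass a size of 0 to realloc(). The following is an added example, not code from the original page; resize_buffer() and demo() are hypothetical names chosen for illustration.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not from the page): resize *pp to nsize bytes.
 * Returns 0 on success, -1 on failure. realloc() is never called with
 * size 0, so its implementation-defined zero-length result is never
 * consulted and the error path cannot free the block a second time. */
int resize_buffer(char **pp, size_t nsize)
{
    char *tmp;

    if (pp == NULL)
        return -1;
    if (nsize == 0) {
        /* Zero-length request: release exactly once, clear the pointer. */
        free(*pp);
        *pp = NULL;
        return 0;
    }
    tmp = realloc(*pp, nsize);
    if (tmp == NULL) {
        /* nsize != 0, so the original block is still allocated here;
         * this free() is the only release of it. */
        free(*pp);
        *pp = NULL;
        return -1;
    }
    *pp = tmp;
    return 0;
}

/* Exercises grow and shrink-to-zero on a constructed sample buffer. */
int demo(void)
{
    char *p = malloc(8);
    if (p == NULL)
        return -1;
    memcpy(p, "abc", 4);
    if (resize_buffer(&p, 64) != 0 || strcmp(p, "abc") != 0) {
        free(p);            /* p is NULL if the resize itself failed */
        return -1;
    }
    if (resize_buffer(&p, 0) != 0 || p != NULL)
        return -1;
    free(p);                /* p is NULL: free(NULL) is a no-op */
    return 0;
}

int main(void) { return demo() == 0 ? 0 : 1; }
```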
...