...
However, this commonly recommended idiom has problems with zero-length allocations. If the value of nsize in this example is 0, the standard allows the option of either returning a null pointer or returning a pointer to an invalid (e.g., zero-length) object. However, the standard does not dictate what the return value should be in either case. In cases where the realloc() function frees the memory but returns a null pointer, execution of the code in this example results in a double-free when free() is called.
Implementation Details
OpenBSD returns a valid
The realloc() function for gcc 3.4.6 with libc 2.3.4 returns a non-NULL pointer to a zero-sized object (the same as malloc(0)). However, the realloc() function for both Microsoft Visual Studio Version 7.1 and gcc version 4.1.0 returns a null pointer, resulting in a double free on the call to free() in this example.
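The following is an added example, not code from the original page: it places the idiom the text warns about beside a hardened form that never passes a zero size to realloc(). The function names resize_unsafe and resize_checked are hypothetical, and resize_unsafe is a reconstruction of the idiom from the description above, since the original listing is not shown in this section.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Idiom the text warns about (reconstructed; never call with nsize == 0).
 * If realloc(p, 0) frees p and returns NULL, the free(p) below is a
 * second free of the same block. */
char *resize_unsafe(char *p, size_t nsize) {
    char *p2 = realloc(p, nsize);
    if (p2 == NULL) {
        free(p);            /* double free when realloc already released p */
        return NULL;
    }
    return p2;
}

/* Hardened form: a zero size is rejected before realloc() is reached, so a
 * NULL return from realloc() always means "allocation failed and *pp is
 * still valid". Returns 0 on success, -1 if rejected or failed. */
int resize_checked(char **pp, size_t nsize) {
    if (pp == NULL || nsize == 0) {
        return -1;          /* caller decides whether to free *pp */
    }
    char *p2 = realloc(*pp, nsize);
    if (p2 == NULL) {
        return -1;          /* *pp untouched, still owned by the caller */
    }
    *pp = p2;
    return 0;
}

int main(void) {
    char *buf = malloc(8);
    if (buf == NULL) return 1;
    strcpy(buf, "abc");

    int grow = resize_checked(&buf, 64);   /* normal resize */
    int zero = resize_checked(&buf, 0);    /* rejected, buf stays valid */
    printf("grow=%d zero=%d buf=%s\n", grow, zero, buf);

    free(buf);                             /* exactly one free */
    return 0;
}
```

Because ownership of the buffer never changes on a -1 return, the caller has a single, unambiguous place to call free() regardless of which realloc() behavior the platform implements.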
...