The result of calling malloc(0) or calloc() with a zero total size (calloc(1,0), calloc(0,0), or calloc(0,1)) to allocate 0 bytes is implementation-defined. From a practical standpoint, allocating 0 bytes with calloc() and malloc() can lead to programming errors with critical security implications, such as buffer overflows. This occurs because the result of allocating 0 bytes with calloc() and malloc() may not be considered an error, so the pointer returned may not be NULL. Instead, the pointer may reference a block of memory on the heap of size zero. If memory is fetched from or stored in that location, a serious error could occur.
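The following is an added example, not code from the original page: it probes what malloc(0) returns on the current platform and shows wrappers that reject zero-length requests before they reach the allocator. The names malloc_zero_is_null, alloc_nonzero, calloc_nonzero and dup_field are hypothetical, and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Probe: 1 if this implementation returns NULL for malloc(0), 0 if it
 * returns a non-NULL pointer to a zero-size block. Either is allowed. */
int malloc_zero_is_null(void)
{
    void *p = malloc(0);
    int is_null = (p == NULL);
    free(p);                    /* free(NULL) is a no-op, so always safe */
    return is_null;
}

/* Allocate n bytes; a zero-length request is an error on every platform. */
void *alloc_nonzero(size_t n)
{
    return (n == 0) ? NULL : malloc(n);
}

/* calloc() variant: a zero in either argument makes the total size zero. */
void *calloc_nonzero(size_t count, size_t size)
{
    return (count == 0 || size == 0) ? NULL : calloc(count, size);
}

/* Copy len bytes of a field (constructed scenario: len comes from untrusted
 * input). Returns NULL for len == 0, so a caller that later stores into
 * buf[0] can never be handed a zero-size heap block. */
unsigned char *dup_field(const unsigned char *src, size_t len)
{
    unsigned char *buf = alloc_nonzero(len);
    if (buf != NULL) {
        memcpy(buf, src, len);
    }
    return buf;
}

int main(void)
{
    static const unsigned char sample[] = { 0x41, 0x42, 0x43 }; /* constructed */
    unsigned char *ok = dup_field(sample, sizeof sample);
    printf("malloc(0) returns NULL here: %d\n", malloc_zero_is_null());
    printf("dup_field(len=3): %s\n", ok ? "allocated" : "NULL");
    printf("dup_field(len=0): %s\n", dup_field(sample, 0) ? "allocated" : "NULL");
    free(ok);
    return 0;
}
```

Because the wrappers return NULL for a zero-length request, the caller's existing NULL check covers the zero-size case regardless of which behavior the platform's allocator chooses.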

...