...
However, if no characters are entered, calc() will return 0. Because there is no validation on the result of calc(), a [malloc(0) [MEM04-A. Do not make assumptions about the result of allocating 0 bytes] could occur, which could lead to a buffer overflow.
...