When the requested size is zero, the behavior of the memory allocation functions malloc(), calloc(), and realloc() is implementation-defined. Section 7.22.3 of the C standard [ISO/IEC 9899:2011] states:
...
In addition, the amount of storage allocated by a successful call to the allocation function when 0 bytes was requested is unspecified. See unspecified behavior 41 in section J.1 of the standard.
In cases where the memory allocation functions return a non-null pointer for a zero-size request, reading from or writing to the allocated memory area results in undefined behavior: the standard allows the pointer to be returned but forbids using it to access an object. Typically, the pointer refers to a zero-length block of memory consisting entirely of allocator control structures (heap metadata). Overwriting these control structures damages the data structures used by the memory manager. A check for a null return value does not catch this case, so code must test for a zero size before calling the allocation function rather than relying on the allocator to fail.
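The following is an added example written for this page, not code from the CERT standard. It shows the vulnerable pattern (a NULL check only, with a length that can be zero) beside a hardened version that rejects a zero-byte request before it reaches malloc() or realloc(). The record format, the helper names (safe_malloc, safe_realloc, record_parse_unsafe, record_parse_safe) and the sample inputs are all constructed for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Added example for MEM04-C, not the page's own code. All names here
 * (safe_malloc, safe_realloc, record_t, record_parse_*) are illustrative.
 * The point: reject a zero-byte request before it reaches the allocator,
 * so the caller never holds a non-null pointer that owns no usable storage.
 */

/* malloc() that treats size 0 as an error instead of leaving it to the
   implementation. Returns NULL and sets errno = EINVAL for size 0. */
void *safe_malloc(size_t size) {
    if (size == 0) {
        errno = EINVAL;
        return NULL;
    }
    return malloc(size);
}

/* realloc() that never forwards size 0 (whose effect is implementation-
   defined). On size 0 the old block is left untouched and NULL is returned,
   so the caller still owns the old block and frees it exactly once. */
void *safe_realloc(void *ptr, size_t size) {
    if (size == 0) {
        errno = EINVAL;
        return NULL;
    }
    return realloc(ptr, size);
}

/* Constructed record format: one length byte followed by that many payload
   bytes. The first payload byte is interpreted as a "kind" field. */
typedef struct {
    unsigned char *data;
    size_t len;
    unsigned char kind;
} record_t;

/* Vulnerable pattern: only a NULL check. When the length byte is 0 and
   malloc(0) returns a non-null pointer, buf[0] reads a block with zero
   usable bytes, typically allocator metadata: undefined behavior. */
int record_parse_unsafe(const unsigned char *in, size_t in_len, record_t *out) {
    if (in_len < 1 || in_len - 1 < in[0]) return -1;
    size_t len = in[0];
    unsigned char *buf = malloc(len);          /* len may be 0 */
    if (buf == NULL) return -1;                /* does not catch len == 0 */
    memcpy(buf, in + 1, len);
    out->kind = buf[0];                        /* out of bounds if len == 0 */
    out->data = buf;
    out->len = len;
    return 0;
}

/* Hardened: a zero length is rejected up front with its own error code;
   the allocator is only asked for a positive size, so NULL means failure. */
int record_parse_safe(const unsigned char *in, size_t in_len, record_t *out) {
    if (in_len < 1 || in_len - 1 < in[0]) return -1;
    size_t len = in[0];
    if (len == 0) return -2;                   /* empty record, refuse it */
    unsigned char *buf = safe_malloc(len);
    if (buf == NULL) return -1;
    memcpy(buf, in + 1, len);
    out->kind = buf[0];                        /* len >= 1, so in bounds */
    out->data = buf;
    out->len = len;
    return 0;
}

int main(void) {
    /* Constructed inputs: an empty record and a three-byte record "ABC". */
    const unsigned char empty[] = { 0x00 };
    const unsigned char ok[]    = { 0x03, 'A', 'B', 'C' };
    record_t r;

    printf("empty record -> %d\n", record_parse_safe(empty, sizeof empty, &r));
    if (record_parse_safe(ok, sizeof ok, &r) == 0) {
        printf("kind=%c len=%zu\n", r.kind, r.len);
        free(r.data);
    }
    return 0;
}
```

The wrappers keep the fix in one place: every call site that can derive a size from untrusted input gets the same behavior, and a zero-length result becomes a visible error rather than an implementation-specific pointer that must never be dereferenced. Note that safe_realloc() deliberately does not emulate free() for size 0; if the intent is to release the block, call free() explicitly.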
...
MITRE CWE: CWE-687, "Function call with incorrectly specified argument value"
Bibliography
[Vanegue 2010] Automated vulnerability analysis of zero sized heap allocations.
[Seacord 2005a] Chapter 4, "Dynamic Memory Management"
...