...
Because C99 allows NULL to be either an integer constant or a pointer constant, any architecture where int is not the same size as a pointer might present a particular vulnerability with variadic functions. If NULL is defined as an int on such a platform, then sizeof(NULL) != sizeof(void *). Consequently, variadic functions that accept an argument of pointer type will not correctly promote NULL to the correct size. As a result, the following code will have undefined behavior:
...
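The portable form of a null-sentinel variadic call, as an added example that is not code from the original page: the helper total_len and null_is_pointer_sized are hypothetical names, and the unsafe call is shown only in a comment so the program itself stays well defined.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not from the page): sums the lengths of a list of
 * strings terminated by a null pointer sentinel. Every variadic argument
 * is fetched as char *, so the caller must really pass a pointer. */
size_t total_len(const char *first, ...)
{
    size_t total = 0;
    va_list ap;

    va_start(ap, first);
    for (const char *s = first; s != NULL; s = va_arg(ap, char *))
        total += strlen(s);
    va_end(ap);
    return total;
}

/* Returns 1 when this implementation's NULL occupies as many bytes as a
 * pointer. A result of 0 is the size mismatch the text describes. A result
 * of 1 does not prove NULL has pointer type, so the cast is still needed. */
int null_is_pointer_sized(void)
{
    return sizeof(NULL) == sizeof(void *);
}

int main(void)
{
    /* Unsafe: total_len("ab", "cde", NULL);
     * If NULL is an integer constant, an int is passed where va_arg
     * reads a char *, which is undefined behavior. */

    /* Portable: the cast makes the sentinel a pointer on every platform. */
    size_t n = total_len("ab", "cde", (char *)NULL);

    printf("total=%zu sizeof(NULL)=%zu sizeof(void *)=%zu pointer-sized=%d\n",
           n, sizeof(NULL), sizeof(void *), null_is_pointer_sized());
    return 0;
}
```
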