...
If the size of the space requested is zero, the behavior is implementation-defined: either a NULL pointer is returned, or the behavior is as if the size were some nonzero value, except that the returned pointer shall not be used to access an object.
...
The result of calling malloc(0) to allocate 0 bytes is implementation-defined. In this example, a dynamic array of integers is allocated to store size elements. However, if size is zero, the call to malloc(size) may return a reference to a block of memory of size 0 rather than NULL. When data is copied to this location, a heap-buffer overflow occurs.
...