...
However, this commonly recommended idiom has problems with zero-length allocations. If the value of nsize in this example is 0, the standard allows the option of either returning a null pointer or returning a pointer to an invalid (e.g., zero-length) object. In cases where the realloc() function frees the memory but returns a null pointer, execution of the code in this example results in a double free. If the realloc() function returns a non-null value, but the size was 0, the returned memory will be of size 0, and a heap overflow will occur if nonempty data is copied there.
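An added example, not code from the original page: the same realloc() idiom with the zero-size case checked before the call, so the old block is freed exactly once and no data is ever copied into a zero-length object. The helper name resize_or_release, its return convention, and the sample data are assumptions made for illustration.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (name and contract are assumptions, not from the page).
 * Resizes *pp to nsize bytes. On any failure the old block is freed exactly
 * once, *pp is set to NULL, and -1 is returned. Returns 0 on success. */
int resize_or_release(char **pp, size_t nsize)
{
    char *p2;

    if (pp == NULL) {
        return -1;
    }
    /* Guard: never hand a zero size to realloc(). Whether it frees the
     * block, and what it returns, is not something the caller can rely on. */
    if (nsize == 0) {
        free(*pp);      /* realloc() was not called, so this is the only free */
        *pp = NULL;
        return -1;
    }
    p2 = realloc(*pp, nsize);
    if (p2 == NULL) {
        free(*pp);      /* with nsize != 0, failure leaves the old block allocated */
        *pp = NULL;
        return -1;
    }
    *pp = p2;
    return 0;
}

/* Constructed usage: grow a buffer, keep its contents, then request size 0. */
int demo(void)
{
    char *p = malloc(100);
    if (p == NULL) return -1;
    strcpy(p, "sample");                    /* constructed sample data */

    if (resize_or_release(&p, 200) != 0) return -2;
    if (strcmp(p, "sample") != 0) { free(p); return -3; }

    /* Zero-length request: rejected, block released once, pointer cleared. */
    if (resize_or_release(&p, 0) != -1) { free(p); return -4; }
    if (p != NULL) return -5;

    free(p);                                /* free(NULL) is a no-op */
    return 0;
}
```

Because the caller's pointer is cleared on every failure path, a later free() of it is harmless and a later write through it fails loudly instead of landing in a zero-length object.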
...