Sometimes null is returned intentionally to account for 0 available instances. This practice can lead to denial-of-service vulnerabilities when the client code does not fails to explicitly handle the null return case.
...
Page History
Overview
Content Tools