The result of calling malloc(0)
or calloc()
to allocate 0 bytes (calloc(1,0)
, calloc(0,0)
, or calloc(0,1)
) is undefined. From a practical standpoint, allocating 0 bytes with calloc()
and malloc()
can lead to programming errors with critical security implications, such as buffer overflows. This occurs because the result of allocating 0 bytes with calloc()
and malloc()
may not considered an error, thus the pointer returned may not be NULL
. Instead, the pointer may reference a block of memory on the heap of size zero. If memory is fetched from, or stored in this a location serious error could occur.
Non-compliant Code Example 1
In this example, a dynamic array of integers is allocated to store s
elements. However, if s
is zero, the call to malloc(s)
will return a reference to a block of memory of size 0. When data is copied to this location, a heap-buffer overflow will occur.
list = (int*)malloc(s); if (i_list == NULL) { /* Handle Allocation Error */ } /* Continue Processing list */
Compliant Code Example 1
To assure that zero is never passed as a size argument to malloc()
, a check must be made on s
to assure it is not zero.
if (s== 0) { /* Handle Error */ } list = (int*)malloc(s); if (i_list == NULL) { /* Handle Allocation Error */ } /* Continue Processing list */
References
- Seacord 05 Chapter 4 Dynamic Memory Management