# Catalogue entry describing a single CERT C guideline (see references.wiki).
[metadata]
# Full guideline identifier; `category` and `number` below repeat its two parts.
id = "MEM04-C"
# NOTE(review): CERT separates advisory recommendations from normative rules;
# presumably consumers use this field to tell them apart. Confirm.
type = "recommendation"
category = "MEM"
number = 4
title = "Beware of zero-length allocations"
description = """
When the requested size is 0, the behavior of the memory allocation
functions malloc(), calloc(), and realloc() is implementation-defined.
Subclause 7.22.3 of the C Standard [ISO/IEC 9899:2011] states that either a
null pointer is returned, or the behavior is as if the size were some nonzero
value, except that the returned pointer shall not be used to access an object.
In addition, the amount of storage allocated by a successful call to the
allocation function when 0 bytes was requested is unspecified. See unspecified
behavior 41 in subclause J.1 of the C Standard. In cases where the memory
allocation functions return a non-null pointer, reading from or writing to the
allocated memory area results in undefined behavior. Typically, the pointer
refers to a zero-length block of memory consisting entirely of control
structures. Overwriting these control structures damages the data structures
used by the memory manager.
"""
# CERT risk-assessment fields, stored as display strings.
# NOTE(review): remediation cost is not recorded here. Under CERT's
# severity x likelihood x remediation-cost scheme, P6 with Low/Likely would
# imply a Medium cost. Confirm against the wiki entry before relying on
# priority/level for triage.
severity = "Low"
likelihood = "Likely"
priority = "P6"
level = "L2"
cert_version = "2016 Edition (Wiki)"
# Stored as a free-form string, not a TOML date, so it must be parsed before
# it can be compared or sorted.
last_modified = "Oct 29, 2025"
# Switch for this guideline under the cert_c rule set.
# NOTE(review): metadata.type marks MEM04-C as a recommendation, yet it is
# enabled under [rules]. Confirm that consumers do not report it with the
# same weight as a mandatory rule.
[rules.cert_c.MEM04-C]
enabled = true
# External references for this guideline.
[references]
wiki = "https://wiki.sei.cmu.edu/confluence/display/c/MEM04-C.+Beware+of+zero-length+allocations"
# CWE-687: Function Call With Incorrectly Specified Argument Value.
cwe = ["CWE-687"]