Memory allocations have the behavior that they return a pointer to memory that can be read from and written to for a requested length. Additionally, such a pointer can be passed into another memory allocation routine, like “realloc” or “free,” for example.
A zero-length allocation is a special case. Because the requested length is zero bytes, an attempt should not be made to read from or write to the memory. Existing C/C++ code that treats zero-length allocations as a completely normal part of the process flow is pervasive. However, incorrect use of these zero-length allocations can be a source of software defects that are difficult to track down. Traditional implementations tend to present one or more of the following issues: 1) they break existing code; 2) they have security problems and make it easier for poorly written code to overwrite memory; and 3) their behavior is unpredictable (i.e., faulty code make work some of the time). When they do expose problematic code, the problem is difficult to diagnose.
A traditional memory allocator may handle a zero-length allocation in any of a number of different ways. For example, it may return a NULL (i. e., treat it as a failed allocation). This can break existing coding patterns that use zero-length allocations as normal cases in loops or user inputs. Though these coding patterns are arguably risky, they are pervasive in existing C/C++ code and perfectly safe if implemented correctly.
Another approach is to return the smallest possible allocation (i.e., treat the request as 1 byte instead of 0 bytes). This allows the existing C/C++ code to work, but has the drawback that it allows poorly written code to read to and write from the memory allocation. The may cause a runtime failure sporadically depending on the contents of memory surrounding the allocation. Additionally, this has security implications as any attempt to write to this memory location is, by definition, a memory corruption and buffer-overrun.
Still another approach is to return a well-known address. Previous versions of MICROSOFT EXCHANGE, for example, improve on this by returning a constant (like 0x00000001, for example) that points to memory that can neither be written to or read from. If improperly written code accesses this address an access violation occurs and the problem can be diagnosed. Though this is an improvement on the above methods, it has the following drawbacks. First, any constant value that is guaranteed to be inaccessible on any running system will have the drawback of being innocuous (like the number 1). Developers who see this in a problem report may not realize that this constant is associated with a zero-length allocation. Also, though the code that references that invalid memory address is often at fault, there are also cases where the code that does the allocation is at fault and is not near the code accessing the memory (like when the allocation is passed across an API boundary). This requires a customer to reproduce the problem with additional diagnostics enabled.