Integer values used as a size argument to malloc(), calloc(), or realloc() must be valid and large enough to contain the type of object to be stored. If size arguments are incorrect, or can be manipulated by an attacker, then a buffer overflow may occur. Incorrect size arguments, inadequate range checking, integer overflow, or truncation can result in the allocation of an inadequately sized buffer. The programmer must ensure that size arguments to memory allocation functions allocate sufficient memory.
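The following added example (not code from the original page) contrasts an unchecked size computation with a range-checked and overflow-checked allocation. The names struct record, unchecked_size, checked_mul_size, alloc_records, untrusted_count and max_records are hypothetical, and the input values are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical record type, used only for this example. */
struct record {
    uint32_t id;
    char name[28];
};

/* Flawed pattern: the multiplication wraps modulo SIZE_MAX + 1, so a huge
 * count yields a tiny size argument that malloc() will happily satisfy. */
size_t unchecked_size(size_t count)
{
    return count * sizeof(struct record);
}

/* Stores count * elem_size in *out and returns 1 only if the product is
 * nonzero and representable in size_t; returns 0 otherwise. */
int checked_mul_size(size_t count, size_t elem_size, size_t *out)
{
    if (count == 0 || elem_size == 0 || count > SIZE_MAX / elem_size)
        return 0;
    *out = count * elem_size;
    return 1;
}

/* untrusted_count models a signed value parsed from input; max_records is
 * an application-chosen upper bound (both names are assumptions). */
struct record *alloc_records(long long untrusted_count, size_t max_records)
{
    struct record *recs = NULL;
    size_t bytes;
    if (untrusted_count <= 0)        /* negative would convert to a huge size_t */
        return NULL;
    if ((unsigned long long)untrusted_count > max_records)
        return NULL;                 /* range check before any arithmetic */
    if (!checked_mul_size((size_t)untrusted_count, sizeof *recs, &bytes))
        return NULL;
    recs = malloc(bytes);            /* sizeof *recs: object size, not pointer size */
    return recs;
}

int main(void)
{
    size_t n = SIZE_MAX / sizeof(struct record) + 1;   /* constructed input */
    struct record *r = alloc_records(16, 1024);
    printf("wrapped size: %zu, checked alloc: %s\n", unchecked_size(n), r ? "ok" : "rejected");
    free(r);
    return 0;
}
```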
...