...
This vulnerability in Adobe Flash arises because Flash passes a signed integer to calloc(). An attacker has control over this integer, and can send negative numbers. Since Because calloc() takes size_t, which is unsigned, the negative number is converted to a very large number, which is generally too big to allocate, and as a result calloc() returns NULL, as a result permitting the vulnerability to exist.
...