...
In this example, the user defined function calc_size (not shown) is used to calculate the size of the string other_srting. The result of calc_size is returned to str_size and used as the size parameter in a call to callocmalloc. However, if calc_size returned zero, then when the strncpy is executed, a heap buffer overflow will occur.
...
Compliant Code Example 1
To assure that zero (0) is never passed as a size argument to malloc, a check must be made on the size parameter.
...