C++ allows NULL to be a literal 0 [1], and this actually happens on some Linux
systems when linux/stddef.h happens to be included [2]. When 0 is passed to a
variadic function as a 7th or later argument, it is passed on the stack, and
Clang encodes this on AMD64 with "mov dword ptr [rsp], 0" because it is an
int. This sets lower 32 bits to zero, but leaves upper 32 bits unchanged.
When they happen to be non zero, the called function that expects the last
argument to be a zero pointer reads past the last intended argument and
eventually segfaults.

[1] https://en.cppreference.com/w/cpp/types/NULL
[2] https://stackoverflow.com/a/31285400/1687334
[3] https://godbolt.org/g/o4Av7Q