When the underlying allocator fails, it still constructs a slice with a null pointer as the base of the slice and the length of the requested layout. Note: the basic idea is sound, the slice must have been initialized as required by the unsafe trait GlobalAlloc. One could argue that the check is not very effective at detecting whether the slice is left uninitialized—as the compiler might decide to have it succeed anyways as part of the UB that results from this— but in general it probably work out.