https://issues.dlang.org/show_bug.cgi?id=20490

          Issue ID: 20490
           Summary: malloc and free should be @safe / @trusted
           Product: D
           Version: D2
          Hardware: All
                OS: All
            Status: NEW
          Severity: minor
          Priority: P1
         Component: druntime
          Assignee: nobody@puremagic.com
          Reporter: n8sh.secondary@hotmail.com

malloc and calloc should be @trusted because by specification they cannot corrupt memory regardless of what arguments they are passed. core.stdc.stdlib.d has this comment explaining why they aren't @trusted:

// We don't mark these @trusted. Given that they return a void*, one has // to do a pointer cast to do anything sensible with the result. Thus, // functions using these already have to be @trusted, allowing them to // call @system stuff anyway.

That comment is longer than just writing @trusted twice. Moreover since that comment was written Phobos has adopted the style of wrapping individual statements in @trusted lambdas instead of marking entire functions as @trusted.

--