Sorry, not best practice nor very clever; if negative numbers are in the list this will crash terribly.
And allocating so much memory might work on CW platform, but is not portable at all.

Sorry man, could you explain to me why you allocated 2 freaking Gb of memory to solve this problem?

Not for the poor memory

Can't say I understand the for loop. Could you please explain? :)

It must be clever I use this sometimes as well hehe but it uses too much memory.

Really best practice to calloc INT_MAX?

You are absolutely correct and I'm a little bit ashamed that I didn't see that.
Thank you very much!

Was the last line of your example meant to be remove_char(str2, str1);? Your solution would overflow in that case.

For example, assuming the str1 consists of 6 characters (including null terminator) The str2 is correctly allocated 4 characters (to fit two less characters). When passed to your implementation of the remove_char the call strcpy(dst, src + 1); writes 5 characters to dst/str2 thus overflowing.

In C code I see out in the wild this is common:

size_t str1_length = strlen(str1);
char *str2 = malloc(str1_length >= 2? str1_length - 1 : 0);
remove_char(str2, some_str);

As long as it's not an explicit requirement that the first argument is a pointer to a null-terminated string the caller can pass a pointer to some object that's large enough to hold the result, e.g. some uninitialized memory.

The problem is the function overflows when the user calls it with reasonable arguments, ie a valid src and a dst with the exact size.

The kata description suggests that input will consist of 2 characters or more, so calling strlen(src) in this case makes sense.

Yes, that's correct. Other possible problems are if any the pointers is invalid.
But that's not uncommon in C. Take strcpy(dst, src) for example. If dst is too small or any of the pointers is invalid the behavior is undefined.

IMHO calling strlen(src) is not an option because that might not point to a null-terminated string but to some uninitialized memory.

It will overflow, if the dst size is set to exactly fit the trimmed string.