Integer overflow bug in malloc size #1
Closed
Description
I found an integer overflow bug in FreeGuard. The code to trigger the bug is given below.
```c
#include <stdio.h>
#include <stdlib.h>
#include <malloc.h>

int main() {
    /* -1 is converted to size_t, i.e. SIZE_MAX (0xFFFFFFFFFFFFFFFF on x86-64) */
    void *p = malloc(-1);
    /* prints a non-NULL address when the allocator's size arithmetic wraps */
    printf("%p\n", p);
    return 0;
}
```

Output for the above code is
```
$ LD_PRELOAD=./libguarder.so ./a.out
0x7f5a2cac8000
```

Tested on Ubuntu 18.04.5 LTS.
Since 0xFFFFFFFFFFFFFFFF (2^64 - 1) is an invalid size to allocate, malloc should return a NULL pointer.
This happens because of the canary size, which always adds 1 to the argument size.
I believe that there should be an extra check for the -1 size. Thank you.
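The following is an added example, not part of the report above and not FreeGuard's own code. It models the failure mode the reporter describes: an allocator that appends a canary computes `size + CANARY_SIZE`, and for `size == SIZE_MAX` that sum wraps to 0, so the underlying allocation succeeds with a tiny block. The unchecked computation sits beside a checked one, and a hypothetical `guarded_malloc` wrapper shows the guard an allocator would add. `CANARY_SIZE`, `guarded_malloc`, `padded_size_unchecked` and `padded_size_checked` are assumed names chosen for this example; the 1-byte canary follows the "adding 1 to argument size" in the report and is an assumption about the layout, not a statement of FreeGuard's internals.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed canary layout: one byte appended after the user region. */
#define CANARY_SIZE 1
#define CANARY_BYTE 0xAA

/* Unchecked size computation, mirroring the bug in the report:
 * size + CANARY_SIZE wraps to 0 when size == SIZE_MAX (i.e. malloc(-1)). */
static size_t padded_size_unchecked(size_t size) {
    return size + CANARY_SIZE;
}

/* Checked computation: refuses any size whose padded total would wrap.
 * Returns false on overflow, true and the padded size otherwise. */
static bool padded_size_checked(size_t size, size_t *out) {
    if (size > SIZE_MAX - CANARY_SIZE) {
        return false;
    }
    *out = size + CANARY_SIZE;
    return true;
}

/* Hypothetical allocator wrapper that appends a canary byte.
 * Fails with NULL (errno = ENOMEM) instead of wrapping the size. */
static void *guarded_malloc(size_t size) {
    size_t total;
    if (!padded_size_checked(size, &total)) {
        errno = ENOMEM;
        return NULL;
    }
    unsigned char *p = malloc(total);
    if (p == NULL) {
        return NULL;
    }
    p[size] = CANARY_BYTE; /* canary sits right after the user region */
    return p;
}

/* Returns true if the canary after a guarded_malloc'd block is intact. */
static bool guarded_canary_ok(const void *p, size_t size) {
    return ((const unsigned char *)p)[size] == CANARY_BYTE;
}

int main(void) {
    /* The reporter's trigger, rerun against the checked wrapper. */
    void *p = guarded_malloc((size_t)-1);
    printf("guarded_malloc(-1) = %p (errno=%d)\n", p, errno);

    /* A normal allocation still works and carries its canary. */
    unsigned char *q = guarded_malloc(16);
    if (q != NULL) {
        printf("guarded_malloc(16) canary ok: %d\n", guarded_canary_ok(q, 16));
        q[16] = 0; /* simulate a one-byte overflow into the canary */
        printf("after overflow, canary ok: %d\n", guarded_canary_ok(q, 16));
        free(q);
    }
    return 0;
}
```

The check is the single comparison `size > SIZE_MAX - CANARY_SIZE`; it has to run before any arithmetic on `size`, because once the addition has wrapped there is nothing left to detect. The same pattern applies to any other padding an allocator adds (alignment, header, guard page), with the constant widened accordingly.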