Unexpected behavior when negative size is given to malloc #1

@pr0cf5

I found an unexpected behavior in the allocator of guarder. The proof of concept code is the following.

#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
#include <malloc.h>

int main(void) {
  /* -8 converts to size_t as 2**64 - 8, a request no allocator can satisfy;
   * a conforming malloc must return NULL here. */
  void **p = malloc(-8);
  /* Deliberately dereferenced without a NULL check: with a correct allocator
   * this segfaults, which is the expected outcome of the PoC. */
  printf("%p\n", *p);
  return 0;
}

An example output for the code above was

$ LD_PRELOAD=./libguarder.so ./bug
0x7f5a2cac8000

The execution environment was the most recent ubuntu 18.04. I used the head of the master branch, commit 9e85978aa2e883010cb5d0c4ae1ae7fe7b8fbe6c for libguarder.

The expected behavior is a segmentation fault, since the allocator cannot yield 2**64-8 bytes and p must be NULL. However, p becomes a valid pointer which contains data (which is itself a pointer, 0x7f5a2cac8000).

I believe that this is a bug, and it requires fixing. Thank you.
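The following is an added example, not code from the issue author or from the guarder project: a small conformance check for the behaviour the report expects. An allocator asked for a size it cannot satisfy must return NULL (glibc and musl also set errno to ENOMEM), and the caller-side defence is to bound the request and never dereference an unchecked result. The test sizes are constructed; `(size_t)-8` is the request the PoC issues. Running the binary with `LD_PRELOAD=./libguarder.so` exercises a replacement allocator instead of the system one; the library path is assumed to be the one from the issue.

```c
/* Added example (not from the guarder project or the issue author):
 * checks that oversized malloc requests fail with NULL, and shows a
 * bounded caller-side wrapper. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed test sizes that no allocator on a 64-bit host can satisfy.
 * (size_t)-8 is the PoC's request: -8 converts to 2**64 - 8. */
static const size_t oversized[] = {
    (size_t)-8,
    SIZE_MAX,
    (size_t)PTRDIFF_MAX + 1,
};

/* Returns the number of oversized requests the allocator wrongly
 * satisfied; 0 means it behaved correctly. Any non-NULL result is freed
 * so the check itself does not leak. */
int count_oversized_accepted(void) {
    int accepted = 0;
    for (size_t i = 0; i < sizeof oversized / sizeof oversized[0]; i++) {
        errno = 0;
        void *p = malloc(oversized[i]);
        if (p != NULL) {
            accepted++;
            fprintf(stderr, "malloc(%zu) returned %p instead of NULL\n",
                    oversized[i], p);
            free(p);
        } else if (errno != ENOMEM) {
            fprintf(stderr, "malloc(%zu) returned NULL but errno=%d, expected ENOMEM\n",
                    oversized[i], errno);
        }
    }
    return accepted;
}

/* Caller-side defence: reject requests above `limit` before they reach
 * the allocator, so a negative or overflowed size never becomes a
 * multi-exabyte malloc call. Returns NULL on rejection or allocation
 * failure; callers must check for NULL before dereferencing. */
void *bounded_malloc(size_t n, size_t limit) {
    if (n > limit) {
        errno = EINVAL;
        return NULL;
    }
    return malloc(n);
}

int main(void) {
    int bad = count_oversized_accepted();
    void *p = bounded_malloc((size_t)-8, (size_t)1 << 30);
    printf("oversized requests accepted: %d\n", bad);
    printf("bounded_malloc((size_t)-8) -> %p\n", p);
    free(p);
    return bad ? 1 : 0;
}
```

A non-zero exit status under `LD_PRELOAD` of a candidate allocator reproduces the defect the issue describes; the system allocator should exit 0.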
