Hi. I am testing a secure allocator and found integer overflow.
Here is PoC code.

#include <stdio.h>
#include <stdlib.h>

int main() {
  fprintf(stderr, "%p\n", malloc(-8));
}

$ LD_PRELOAD=$(pwd)/libisoalloc.so ./poc
0x7febb1fa3000

It seems because you don't have integer overflow check in ROUND_UP_PAGE(size).

Best,
Insu Yun.