> I selected 0xdf a long time ago as an alternative to the 0xd0 (Duh) > byte used for new chunks. Both as a mnemonic for "free" and because it > is likely to cause segfaults. A pointer ending in 0xdf often will be > unaligned. Of course that won't work on all archs or all pointers. > > Random patterns are also likely to produce segfaults, using them as a > pointer has a big chance of being unaligned or pointing to an unmapped > page.
Did you ever try filling all allocations and frees with random data to see if it exposes new bugs? Having that option could be useful for testing & development. The d0 & df patterns can hide problems, I've found the hard way. E.g. in integer comparisons there's a good chance they will consistently take you to the same branch, and that could be a branch where your use of freed or unitialized memory doesn't manifest in any observable malbehavior. Random data would likely trigger such snafus.