improved security by encoding NULL values; double free mitigation on by default; more precise free list corruption detection

CMakeLists.txt

@@ -7,8 +7,7 @@ set(CMAKE_CXX_STANDARD 17)
 option(MI_OVERRIDE          "Override the standard malloc interface" ON)
 option(MI_INTERPOSE         "Use interpose to override standard malloc on macOS" ON)
 option(MI_DEBUG_FULL        "Use full internal heap invariant checking in DEBUG mode" OFF)
-option(MI_SECURE            "Use security mitigations (like guard pages, allocation randomization, and free-list corruption detection)" OFF)
-option(MI_SECURE_FULL       "Use full security mitigations, may be more expensive (includes double-free mitigation)" OFF)
+option(MI_SECURE            "Use full security mitigations (like guard pages, allocation randomization, double-free mitigation, and free-list corruption detection)" OFF)
 option(MI_USE_CXX           "Use the C++ compiler to compile the library" OFF)
 option(MI_SEE_ASM           "Generate assembly files" OFF)
 option(MI_LOCAL_DYNAMIC_TLS "Use slightly slower, dlopen-compatible TLS mechanism (Unix)" OFF)
@@ -70,15 +69,9 @@ if(MI_OVERRIDE MATCHES "ON")
   endif()
 endif()
 
-if(MI_SECURE_FULL MATCHES "ON")
-  message(STATUS "Set full secure build (may be more expensive) (MI_SECURE_FULL=ON)")
+if(MI_SECURE MATCHES "ON")
+  message(STATUS "Set full secure build (MI_SECURE=ON)")
   list(APPEND mi_defines MI_SECURE=4)
-  set(MI_SECURE "ON")
-else()
-  if(MI_SECURE MATCHES "ON")
-    message(STATUS "Set secure build (MI_SECURE=ON)")
-    list(APPEND mi_defines MI_SECURE=3)
-  endif()
 endif()
 
 if(MI_SEE_ASM MATCHES "ON")
@@ -92,7 +85,7 @@ if(MI_CHECK_FULL MATCHES "ON")
 endif()
 
 if(MI_DEBUG_FULL MATCHES "ON")
-  message(STATUS "Set debug level to full invariant checking (MI_DEBUG_FULL=ON)")
+  message(STATUS "Set debug level to full internal invariant checking (MI_DEBUG_FULL=ON)")
   list(APPEND mi_defines MI_DEBUG=3)   # full invariant checking
 endif()