by simiones
15 days ago
Even for char*, it's very possible that malloc() will store more memory than strictly required. But you're right, `char x[] = "abc"` will require a minimum of 4 bytes wherever x gets allocated (stack or global segment).

> The heartbleed vulnerability was not due to mempool. It was due to a combination of lack of bounds checking, and not zeroing out the memory containing secure keys when it's deallocated. Even if it didn't use mempool, leaks would still be possible.

I didn't say that the bug was caused by the mempool, I said that the bug was very hard to find by regular tools such as valgrind and UBSan because it used mempools instead of regular allocations - so that all of the logical out of bounds accesses were not actually UB nor were they accessing unallocated memory, which those tools could have caught.
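An added illustration of the point in the comment above (not part of the original post, and not OpenSSL code): a constructed slot pool in which a trusted length field reads past a 4-byte record into a neighbouring freed slot. The whole read stays inside the single block returned by `calloc`, which is the granularity heap checkers track; the same function with the bounds check enabled returns nothing. All names (`pool_alloc`, `pool_free`, `echo`, `reply_leaks_secret`) and the secret string are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define SLOT   64   /* bytes per pool slot (constructed value) */
#define NSLOTS 4

static unsigned char *pool;      /* one calloc'd block backs every slot */
static int used[NSLOTS];

static unsigned char *pool_alloc(void) {
    if (!pool && !(pool = calloc(NSLOTS, SLOT))) return NULL;
    for (int i = 0; i < NSLOTS; i++)
        if (!used[i]) { used[i] = 1; return pool + (size_t)i * SLOT; }
    return NULL;
}

/* Slot goes back to the pool; its contents are not zeroed. */
static void pool_free(unsigned char *p) { used[(p - pool) / SLOT] = 0; }

/* Copies `claimed` bytes of a record whose real payload is `actual` bytes.
   With check == 0 the claimed length is trusted, as in the bug class discussed. */
static size_t echo(const unsigned char *rec, size_t actual, size_t claimed,
                   unsigned char *out, int check) {
    if (check && claimed > actual) return 0;   /* bounds check: drop the request */
    memcpy(out, rec, claimed);                 /* stays inside the pool block */
    return claimed;
}

/* Returns 1 if bytes of the freed secret show up in the reply, else 0. */
static int reply_leaks_secret(int check) {
    static const char secret[] = "CONSTRUCTED-SECRET-KEY";
    unsigned char out[2 * SLOT] = {0};
    unsigned char *rec = pool_alloc();         /* slot 0 */
    unsigned char *key = pool_alloc();         /* slot 1, adjacent to rec */
    if (!rec || !key) return -1;
    memcpy(key, secret, sizeof secret);
    pool_free(key);                            /* logically freed, bytes remain */
    memcpy(rec, "ping", 4);
    size_t n = echo(rec, 4, SLOT + sizeof secret, out, check);
    pool_free(rec);
    return n > SLOT && memcmp(out + SLOT, secret, sizeof secret) == 0;
}

int main(void) {
    printf("unchecked leaks: %d\n", reply_leaks_secret(0));
    printf("checked leaks:   %d\n", reply_leaks_secret(1));
    return 0;
}
```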