Consider building with _FORTIFY_SOURCE=3
According to https://developers.redhat.com/articles/2022/09/17/gccs-new-fortification-level, _FORTIFY_SOURCE=3
improves memory management protections. It requires glibc 2.34. It's been supported in Clang "for some time" and support was added to GCC 12.