--- libmalloc/libmalloc-657.80.3/src/malloc_common.c
+++ libmalloc/libmalloc-792.80.2/src/malloc_common.c
@@ -163,6 +163,23 @@
return 0;
}
+MALLOC_NOEXPORT MALLOC_NOINLINE
+void
+___BUG_IN_CLIENT_OF_LIBMALLOC_POINTER_BEING_FREED_WAS_NOT_ALLOCATED(
+ int flags, void *__unsafe_indexable ptr)
+{
+#if CONFIG_MTE
+ if (malloc_has_sec_transition && memtag_handle_mismatch(ptr)) {
+ // If the tag is wrong and memtag_check_mismatch(ptr) didn't abort, we
+ // must be in soft mode, so we'll ignore it
+ return;
+ }
+#endif
+
+ malloc_report(flags, "*** error for object %p: "
+ "pointer being freed was not allocated\n", ptr);
+}
+
#if !MALLOC_TARGET_EXCLAVES && !MALLOC_TARGET_EXCLAVES_INTROSPECTOR
#if CONFIG_CHECK_PLATFORM_BINARY
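Review bot: The comment inside the `CONFIG_MTE` branch names `memtag_check_mismatch(ptr)`, but the call on the line above it is `memtag_handle_mismatch(ptr)`, so a reader looking for the function that can abort will search for the wrong name. Suggest `// memtag_handle_mismatch() returned true without aborting, so we must be in soft mode: skip the report`. The function also has no header comment saying that it can return without calling `malloc_report`, although its name reads like a terminal error path. A line such as `// May return silently when an MTE tag mismatch is tolerated (soft mode); callers must not assume a report was emitted.` would make that explicit, assuming that is the intended contract.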
@@ -182,22 +199,34 @@
return (flags & CS_PLATFORM_BINARY);
}
-#if CONFIG_CHECK_SECURITY_POLICY
bool malloc_internal_security_policy = false;
-#endif // CONFIG_CHECK_SECURITY_POLICY
bool
-_malloc_allow_internal_security_policy(void)
-{
-#if TARGET_OS_SIMULATOR
- return true;
-#elif defined(_COMM_PAGE_DEV_FIRM)
- return !!*((uint32_t *)_COMM_PAGE_DEV_FIRM);
-#else
- // For backwards compatibility on x86, where we don't have that comm page
- // bit, keep parsing the environment variables as we did before
- return true;
+_malloc_allow_internal_security_policy(const char *envp[])
+{
+#if !TARGET_OS_SIMULATOR && defined(_COMM_PAGE_DEV_FIRM)
+ if (!*((uint32_t *)_COMM_PAGE_DEV_FIRM)) {
+ return false;
+ }
#endif
+
+#if CONFIG_FEATUREFLAGS_SIMPLE
+ if (os_feature_enabled_simple(libmalloc, AllowInternalSecurityPolicy,
+ false)) {
+ return true;
+ }
+#endif
+
+ const char *flag = _simple_getenv(envp, "MallocAllowInternalSecurity");
+ if (flag) {
+ const char *endp;
+ long value = malloc_common_convert_to_long(flag, &endp);
+ if (!*endp && endp != flag && (value == 0 || value == 1)) {
+ return (bool)value;
+ }
+ }
+
+ return false;
}
#endif // !MALLOC_TARGET_EXCLAVES && !MALLOC_TARGET_EXCLAVES_INTROSPECTOR
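Review bot: In `_malloc_allow_internal_security_policy`, the `os_feature_enabled_simple` check returns true before `MallocAllowInternalSecurity` is read, so an explicit `MallocAllowInternalSecurity=0` cannot turn the policy off when the `AllowInternalSecurityPolicy` feature flag is enabled. If the variable is meant to work as an opt-out as well as an opt-in, it should be parsed before the feature-flag branch. If the current precedence is intended, state it above the function, e.g. `// Order: dev-firmware bit must be set (where available), then feature flag, then MallocAllowInternalSecurity=0|1; anything else denies.` On builds where the `_COMM_PAGE_DEV_FIRM` branch is compiled out, the environment variable is the only remaining gate and is chosen by whoever launches the process, which is worth recording in the same comment.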