If you want to go further, ASAN and Valgrind both have APIs for integrating custom allocators. So you basically do what ASAN does with malloc in the first place—allocate (a bit more) memory, poison it, then pad all user allocations on both ends and only unpoison the actually requested part.
It is wrong to just use malloc() to make the arena? This way, sanitizers will still help you a bit. It will not help with everything you do within the arena, but it may detect it if you access outside the arena, like the problem the author has.
Other than that, I think using guard pages is the technique libefence (electric fence) uses.