Recent Linux glibc's have a facility called MALLOC_CHECK_.
Doing export MALLOC_CHECK_=2 in your shell will call your next run of badmalloc to emit a SIGABORT; which shows up in gdb inside malloc. Still not too useful.
Electric fence is a modified malloc implementation. Recompile with:
gcc badmalloc.c -g -o badmalloc -lefence
now run this under gdb and you will see the failure at the point of corruption - the array assignment.
There are subtleties to efence - look at the docs.