LibJS: Instrument HeapBlock cell allocation for ASAN

Mark the entirety of a heap block's storage poisoned at construction.
Unpoison all of a Cell's memory before allocating it, and re-poison as
much as possible on deallocation. Unfortunately, the entirety of the
FreelistEntry must be kept unpoisoned in order for reallocation to work
correctly.

Decreasing the size of FreelistEntry or adding a larger redzone to Cells
would make the instrumentation even better.

Userland/Libraries/LibJS/Heap/HeapBlock.h

@@ -7,10 +7,15 @@
 #pragma once
 
 #include <AK/IntrusiveList.h>
+#include <AK/Platform.h>
 #include <AK/Types.h>
 #include <LibJS/Forward.h>
 #include <LibJS/Heap/Cell.h>
 
+#ifdef HAS_ADDRESS_SANITIZER
+#    include <sanitizer/asan_interface.h>
+#endif
+
 namespace JS {
 
 class HeapBlock {
@@ -27,13 +32,18 @@ public:
 
     ALWAYS_INLINE Cell* allocate()
     {
+        Cell* allocated_cell = nullptr;
         if (m_freelist) {
             VERIFY(is_valid_cell_pointer(m_freelist));
-            return exchange(m_freelist, m_freelist->next);
+            allocated_cell = exchange(m_freelist, m_freelist->next);
+        } else if (has_lazy_freelist()) {
+            allocated_cell = cell(m_next_lazy_freelist_index++);
         }
-        if (has_lazy_freelist())
-            return cell(m_next_lazy_freelist_index++);
-        return nullptr;
+
+        if (allocated_cell) {
+            ASAN_UNPOISON_MEMORY_REGION(allocated_cell, m_cell_size);
+        }
+        return allocated_cell;
     }
 
     void deallocate(Cell*);