diff --git a/Userland/Libraries/LibJS/Heap/HeapBlock.cpp b/Userland/Libraries/LibJS/Heap/HeapBlock.cpp
index 27f10a5e92..0341eeb243 100644
--- a/Userland/Libraries/LibJS/Heap/HeapBlock.cpp
+++ b/Userland/Libraries/LibJS/Heap/HeapBlock.cpp
@@ -75,6 +75,8 @@ HeapBlock::HeapBlock(Heap& heap, size_t cell_size)
 void HeapBlock::deallocate(Cell* cell)
 {
+ ASSERT(is_valid_cell_pointer(cell));
+ ASSERT(!m_freelist || is_valid_cell_pointer(m_freelist));
 ASSERT(cell->is_live());
 ASSERT(!cell->is_marked());
 cell->~Cell();
diff --git a/Userland/Libraries/LibJS/Heap/HeapBlock.h b/Userland/Libraries/LibJS/Heap/HeapBlock.h
index f5a3493c57..6cc3e5acb1 100644
--- a/Userland/Libraries/LibJS/Heap/HeapBlock.h
+++ b/Userland/Libraries/LibJS/Heap/HeapBlock.h
@@ -51,6 +51,7 @@ public:
 {
 if (!m_freelist)
 return nullptr;
+ ASSERT(is_valid_cell_pointer(m_freelist));
 return exchange(m_freelist, m_freelist->next);
 }
@@ -80,6 +81,11 @@ public:
 return cell(cell_index);
 }
+ bool is_valid_cell_pointer(const Cell* cell)
+ {
+ return cell_from_possible_pointer((FlatPtr)cell);
+ }
+ IntrusiveListNode m_list_node;
 private:
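Review bot: In `HeapBlock::deallocate` (HeapBlock.cpp) the two added ASSERTs are the only guard against a foreign or corrupted pointer being destroyed and linked into the freelist, and the diff does not show whether ASSERT stays active in release builds. If it can be compiled out, these integrity checks disappear in exactly the builds where heap corruption matters most, so an always-on check would be the safer choice here. A short comment above them would also help the next reader, e.g. `// Reject pointers outside this block before touching the cell or the freelist.` The body of deallocate continues past the end of the hunk.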
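Review bot: In the allocation path in HeapBlock.h (first hunk of that file), only the current freelist head is validated; `m_freelist->next` is read out of a freed cell and installed as the new head unchecked, so a corrupted link is only noticed on the following allocation rather than where it is consumed. Asserting the successor before the exchange keeps the failure next to its cause: `ASSERT(!m_freelist->next || is_valid_cell_pointer(m_freelist->next));`. The function's signature lies outside the hunk, so this assumes nothing else validates the link beforehand.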
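Review bot: `is_valid_cell_pointer` (HeapBlock.h, second hunk) accepts any non-null result from `cell_from_possible_pointer`, which is probably weaker than the name promises. The helper's body is outside the hunk, but the `return cell(cell_index);` tail just above suggests it maps an address to the cell that contains it; if so, a pointer into the middle of a cell passes the assertions in both deallocate and the allocation path. Comparing the result with the argument closes that gap: `return cell && cell_from_possible_pointer((FlatPtr)cell) == cell;`. The function could also be marked `const` if the helper is. A one-line comment saying that it checks membership in this block, not liveness, would keep callers from over-trusting it.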