From e8d3856736925311e35e0a6b9027b0e8f1deb92f Mon Sep 17 00:00:00 2001
From: Andreas Kling
Date: Fri, 12 Feb 2021 19:08:20 +0100
Subject: [PATCH] LibJS: Randomize GC heap block locations

Allocate GC heap blocks with mmap(MAP_RANDOMIZED) for ASLR. This may very well be too aggressive in terms of fragmentation, and we can figure out ways to scale that back once it becomes a big problem. For now, this makes the GC heap a lot less predictable for an attacker.
---
 Userland/Libraries/LibJS/Heap/HeapBlock.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Userland/Libraries/LibJS/Heap/HeapBlock.cpp b/Userland/Libraries/LibJS/Heap/HeapBlock.cpp
index 250fcd6d3c..27f10a5e92 100644
--- a/Userland/Libraries/LibJS/Heap/HeapBlock.cpp
+++ b/Userland/Libraries/LibJS/Heap/HeapBlock.cpp
@@ -38,7 +38,7 @@ NonnullOwnPtr HeapBlock::create_with_cell_size(Heap& heap, size_t cel
     char name[64];
     snprintf(name, sizeof(name), "LibJS: HeapBlock(%zu)", cell_size);
 #ifdef __serenity__
-    auto* block = (HeapBlock*)serenity_mmap(nullptr, block_size, PROT_READ | PROT_WRITE, MAP_ANONYMOUS | MAP_PRIVATE, 0, 0, block_size, name);
+    auto* block = (HeapBlock*)serenity_mmap(nullptr, block_size, PROT_READ | PROT_WRITE, MAP_ANONYMOUS | MAP_RANDOMIZED | MAP_PRIVATE, 0, 0, block_size, name);
 #else
     auto* block = (HeapBlock*)aligned_alloc(block_size, block_size);
 #endif
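Review bot: The randomized mmap on the `+` line still has no `MAP_FAILED` check before its result is cast to `HeapBlock*`, and the commit message itself anticipates that randomized placement will fragment the address space, which makes a failed mapping more likely than before, not less. On failure `serenity_mmap` would presumably return `MAP_FAILED` (an invalid pointer), and the rest of `create_with_cell_size`, which continues past `#endif` outside this hunk, would go on to use it as a block; add `VERIFY(block != MAP_FAILED);` (or whatever assertion macro the project uses at this revision) after the `#endif`, or retry without `MAP_RANDOMIZED` when the randomized request fails so the ASLR opt-in never turns into a crash on a fragmented address space. It is also worth confirming that the kernel still honours the `block_size` alignment argument when `MAP_RANDOMIZED` is set, since the cell-address arithmetic in this file depends on block alignment. A short comment on the new flag would help readers, e.g. `// MAP_RANDOMIZED: place each block at a random address so the GC heap layout is not predictable (trades some VA fragmentation for ASLR).` The enclosing function starts before and ends after this hunk.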