LibJS: Randomize GC heap block locations

Allocate GC heap blocks with mmap(MAP_RANDOMIZED) for ASLR. This may very well be too aggressive in terms of fragmentation, and we can figure out ways to scale that back once it becomes a big problem. For now, this makes the GC heap a lot less predictable for an attacker.
2025-07-26 01:47:34 +00:00 · 2021-02-12 19:08:20 +01:00 · 2021-02-12 19:08:20 +01:00 · e8d3856736
commit e8d3856736
parent e050577f0a
1 changed files with 1 additions and 1 deletions
--- a/Userland/Libraries/LibJS/Heap/HeapBlock.cpp
+++ b/Userland/Libraries/LibJS/Heap/HeapBlock.cpp
@ -38,7 +38,7 @@ NonnullOwnPtr<HeapBlock> HeapBlock::create_with_cell_size(Heap& heap, size_t cel
    char name[64];
    snprintf(name, sizeof(name), "LibJS: HeapBlock(%zu)", cell_size);
 #ifdef __serenity__
-    auto* block = (HeapBlock*)serenity_mmap(nullptr, block_size, PROT_READ | PROT_WRITE, MAP_ANONYMOUS | MAP_PRIVATE, 0, 0, block_size, name);
+    auto* block = (HeapBlock*)serenity_mmap(nullptr, block_size, PROT_READ | PROT_WRITE, MAP_ANONYMOUS | MAP_RANDOMIZED | MAP_PRIVATE, 0, 0, block_size, name);
 #else
    auto* block = (HeapBlock*)aligned_alloc(block_size, block_size);
 #endif