Incomputer security,heap feng shui (also known asheap grooming^[1]) is a technique used inexploits to facilitatearbitrary code execution.^[2] The technique attempts to manipulate the layout of theheap by making heap allocations of carefully selected sizes. It is named afterfeng shui, an ancient Chinese system of aesthetics that involves the selection of precise alignments in space.

The term is general and can be used to describe a variety of techniques for bypassingheap protection strategies. The paper often credited with naming the technique, "Heap Feng Shui in JavaScript",^[3] used it to refer to an exploit in which adangling pointer was aligned with a portion of an attacker-controlled chunk. However, it has also found usage incapture the flag events to describe attacks that exploit characteristics of heap layout, such as the spacing between chunks.^[4]

• Heap spraying
• JIT spraying

• Heap Feng Shui in JavaScript - Whitepaper by Alexander Sotirov
• Heap Feng Shui in JavaScript - Slides of the BlackHat presentation on this subject.

Thiscomputer security article is astub. You can help Wikipedia byexpanding it.

• v
• t
• e

• Computer security exploits
• Computer security stubs

• All stub articles