Heap spray code snippet from lcamtuf's ref_fuzz5 JavaScript DOM fuzzer

ref_fuzz5.js

function heap_spray() {

  if (MEGS == 0 || R(2) == 0) return;

  if (!spray_str) {
    var spray_str = "ABCDABCD";
    for (var i=0;i<21;i++) spray_str += spray_str; /* 16M */
  }

  window.name = Math.random() + spray_str + Math.random();

  eval("window.name=''");

}