With such a poor random number generator you only raise a bar slightly higher whereby attackers have to predict your "random" canary in their exploits.
Also, since you initialize "__heap_magic" once per process, an attacker
might be able to use nmap to determine the uptime of the victim machine
which will quite precisely determine when a process was started (a valid
assumption for daemon processes).
-- William Robertson Reliable Software Group, UC Santa Barbara http://www.cs.ucsb.edu/~wkr/