0xTen
jemalloc

Last updated 3 years ago

Intro

jemalloc is an SMP-enabled memory allocator originally designed for FreeBSD and now widely used in many projects, such as Mozilla Firefox.

If you're used to ptmalloc, note that a chunk is an entirely different thing in jemalloc. We won't go into that much here; what you'd usually call a chunk we'll call a region from now on. To dive deeper into jemalloc's internals, I recommend this awesome read by huku and argp:

The main difference between jemalloc and ptmalloc or dlmalloc is that jemalloc doesn't keep inline metadata alongside each allocation. Allocations go into regions, and malloc returns a pointer to the region, similar to what ptmalloc does with chunks. However, instead of placing chunks of different sizes next to each other, each with its own size header, jemalloc sets aside a separate space in memory for each region size, called a run, so only same-sized regions are allocated contiguously.
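The layout described above, as a small C model added for illustration (it is not jemalloc's code and not from the original page). The size classes, the `RUN_REGIONS` and `MAX_CLASS` values and the `toy_*` names are assumptions; the model shows that requests rounded to the same size class are handed out back to back, while bookkeeping lives in the run header.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum { RUN_REGIONS = 8, MAX_CLASS = 64, NCLASSES = 3 };  /* constructed values */

/* Toy run: bookkeeping is a bitmap in the run header, out of line. The data
 * area holds only same-sized regions, back to back, with no per-region header. */
struct run {
    uint32_t used;                               /* bit i set => region i in use */
    unsigned char data[RUN_REGIONS * MAX_CLASS];
};

static const size_t size_classes[NCLASSES] = {16, 32, 64};  /* hypothetical */
static struct run runs[NCLASSES];                /* one run per size class */

/* Index of the smallest size class that fits n, or -1 if n is too large. */
int class_index(size_t n) {
    for (size_t i = 0; i < NCLASSES; i++)
        if (n <= size_classes[i]) return (int)i;
    return -1;
}

/* Hand out the lowest free region of the run serving n's size class. */
void *toy_malloc(size_t n) {
    int c = class_index(n);
    if (c < 0) return NULL;
    for (unsigned i = 0; i < RUN_REGIONS; i++) {
        if (!(runs[c].used & (1u << i))) {
            runs[c].used |= 1u << i;
            return runs[c].data + i * size_classes[c];
        }
    }
    return NULL;  /* run full; a real allocator would set up another run */
}

/* Release a region: only the header bitmap changes, the region is untouched. */
void toy_free(void *p) {
    unsigned char *b = p;
    for (size_t c = 0; c < NCLASSES; c++)
        if (b >= runs[c].data && b < runs[c].data + sizeof runs[c].data)
            runs[c].used &= ~(1u << ((size_t)(b - runs[c].data) / size_classes[c]));
}

int main(void) {  /* 20 and 30 both round up to the 32-byte class */
    char *a = toy_malloc(20), *b = toy_malloc(30);
    printf("gap between neighbours: %td bytes\n", b - a);
    return 0;
}
```

The gap between the two pointers equals the size class exactly, which is the "no inline metadata" property: with ptmalloc a size header would sit between the two user buffers.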

If you ever encounter jemalloc in a CTF challenge, the goal will likely be to allocate a region within the same run as some important structure and try to corrupt it, as seen in the "Ancient House" challenge from InCTF 2021:

Ancient House
JEMALLOC (.:: Phrack Magazine ::.)