# jemalloc

## Intro

jemalloc is an SMP-enabled memory allocator originally designed for FreeBSD and widely used on many platforms and in applications such as Mozilla Firefox.

{% embed url="<http://jemalloc.net/jemalloc.3.html>" %}

If you're used to ptmalloc, note that a chunk means something entirely different in jemalloc, which we won't go into much here; what you'd usually call a chunk we'll call a region from now on. To dive deeper into jemalloc's internals, I recommend this awesome read by huku and argp:

{% embed url="<http://phrack.org/issues/68/13.html>" %}

The main difference between jemalloc and ptmalloc or dlmalloc is that jemalloc doesn't keep inline metadata alongside each allocation. Allocations go into regions, and malloc returns a pointer to the region, similar to what ptmalloc does with chunks. But instead of placing chunks of different sizes next to each other, each with its own size header, jemalloc sets aside a separate area of memory for each region size, called a run, so only same-sized regions are allocated contiguously.
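The layout described above, as a simplified C model added here (not jemalloc source and not code from the original page): one run holds same-sized regions back to back, with the allocation bitmap kept outside them. `toy_run`, `run_init`, `run_alloc`, `run_free`, `run_room` and the constants are hypothetical names chosen for illustration.

```c
/* Toy model of one jemalloc-style run. Added example, not jemalloc source;
 * every name and constant here is hypothetical. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define RUN_REGIONS 32   /* regions per run (constructed value) */
#define MAX_REGION  64   /* largest size class this toy supports */

typedef struct {
    size_t region_size;   /* a run serves exactly one size class */
    uint32_t used;        /* out-of-band bitmap: bit i set = region i in use */
    unsigned char *base;  /* first region; regions carry no inline header */
} toy_run;
static unsigned char backing[RUN_REGIONS * MAX_REGION];

int run_init(toy_run *r, size_t region_size) {
    if (region_size == 0 || region_size > MAX_REGION) return -1;
    r->region_size = region_size;
    r->used = 0;
    r->base = backing;
    return 0;
}

/* Hand out the lowest free region; the returned pointer is the region itself. */
void *run_alloc(toy_run *r) {
    for (unsigned i = 0; i < RUN_REGIONS; i++)
        if (!(r->used & (UINT32_C(1) << i))) {
            r->used |= UINT32_C(1) << i;
            return r->base + i * r->region_size;
        }
    return NULL;  /* run is full */
}

/* Freeing only clears the bitmap bit; nothing is written into the region. */
void run_free(toy_run *r, void *p) {
    size_t idx = (size_t)((unsigned char *)p - r->base) / r->region_size;
    if (idx < RUN_REGIONS) r->used &= ~(UINT32_C(1) << idx);
}

/* Bytes from p to the end of its region; a longer write lands in the neighbour. */
size_t run_room(const toy_run *r, const void *p) {
    size_t off = (size_t)((const unsigned char *)p - r->base);
    return r->region_size - off % r->region_size;
}

int main(void) {
    toy_run r;
    if (run_init(&r, 64) != 0) return 1;
    unsigned char *a = run_alloc(&r), *b = run_alloc(&r);
    printf("stride=%td room(a+60)=%zu\n", b - a, run_room(&r, a + 60));
    return 0;
}
```

Because the stride between regions equals the region size, a length check like `run_room` is the only thing separating one object from the next one in the run.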

If you ever encounter jemalloc in a CTF challenge, the goal would likely be to allocate a region within the same run as some important structure and try to corrupt it, as seen in the "Ancient House" challenge from InCTF2021:

{% content-ref url="../../inctf/2021/ancient-house" %}
[ancient-house](https://0xten.gitbook.io/public/inctf/2021/ancient-house)
{% endcontent-ref %}
