Infiltrate Security Conference OPEN CFP


A Tale of Two Mallocs: On Android libc Allocators

Heap exploitation

Android's libc allocator uses one of two malloc implementations: dlmalloc or jemalloc. This talk explores the technical details of these malloc implementations with a deep dive into the pertinent details of each of them, with the goal of understanding exactly how they function. Details of the allocation and free algorithms will be discussed, as well as the data structures and metadata used by each allocator. We will also discuss various techniques that can be used when trying to perform heap shaping and exploitation of heap buffer overflows on Android devices using these allocators. The talk discusses the allocators from the perspective of an exploit implementer trying to exploit an Android heap memory corruption bug. This is the first public talk by an employee of NSO group, and promises to be full of juicy technical details.

Back to Open CFP


Interested in Speaking?

We are pleased to announce the Call For Papers for INFILTRATE 2018 is now open. If you would like to present and have an offense-focused-fresh-content presentation, please submit an abstract, Bio and headshot to This information will be included on our Open CFP site, here, where the public can vote on which presentations they are most interested in seeing at INFILTRATE. Call for papers will close on December 14th, 2017. Shortly after this date, the winning speakers will be notified.

Some of the benefits of speaking at INFILTRATE are: