On 27 Feb 2021, at 02:38, Paul Dufresne <dufres...@zoho.com> wrote:
>
> Here is the relevant part in malloc.c:

I'd advise you to not delve too deeply into malloc. This is likely a buffer overflow that then corrupts the (inline) state maintained by malloc, so you really need to be looking at vim.

Jess

>       /*
>          Search for a chunk by scanning bins, starting with next largest
>          bin. This search is strictly by best-fit; i.e., the smallest
>          (with ties going to approximately the least recently used) chunk
>          that fits is selected.
>
>          The bitmap avoids needing to check that most blocks are nonempty.
>          The particular case of skipping all bins during warm-up phases
>          when no chunks have been returned yet is faster than it might look.
>        */
>
>       ++idx;
>       bin = bin_at (av, idx);
>       block = idx2block (idx);
>       map = av->binmap[block];
>       bit = idx2bit (idx);
>
>       for (;; )
>         {
>           /* Skip rest of block if there are no more set bits in this block.  */
>           if (bit > map || bit == 0)
>             {
>               do
>                 {
>                   if (++block >= BINMAPSIZE) /* out of bins */
>                     goto use_top;
>                 }
>               while ((map = av->binmap[block]) == 0);
>
>               bin = bin_at (av, (block << BINMAPSHIFT));
>               bit = 1;
>             }
>
>           /* Advance to bin with set bit. There must be one. */
>           while ((bit & map) == 0)
>             {
>               bin = next_bin (bin);
>               bit <<= 1;
>               assert (bit != 0);
>             }
>
>           /* Inspect the bin. It is likely to be non-empty */
>           victim = last (bin);
>
>           /* If a false alarm (empty bin), clear the bit. */
>           if (victim == bin)
>             {
>               av->binmap[block] = map &= ~bit; /* Write through */
>               bin = next_bin (bin);
>               bit <<= 1;
>             }
>
>           else
>             {
>               size = chunksize (victim);
>
>               /* We know the first chunk in this bin is big enough to use. */
>               assert ((unsigned long) (size) >= (unsigned long) (nb));
>
>               remainder_size = size - nb;
>
>               /* unlink */
>               unlink_chunk (av, victim);
>
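The failure mode Jess describes, as an added illustration that is not code from this thread, from vim or from glibc: a toy arena allocator with glibc-style inline chunk headers (the metadata sits immediately in front of each user pointer), a 16-byte chunk overflowed by an unbounded copy of caller-controlled data, and the allocator-side consistency check on the neighbouring chunk that fires as a result. The allocator, its header layout, the `toy_*` names and the sample inputs are all constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy bump allocator with an inline header in front of every chunk, loosely
 * modelled on glibc's "size word right before the user pointer" layout.
 * Constructed for this illustration; it is not glibc malloc. */
#define ARENA_SIZE 256u
#define HDR_MAGIC  0xC0FFEEu

struct toy_hdr {
    uint32_t magic;   /* sanity tag, stands in for glibc's size/flag bits */
    uint32_t size;    /* usable bytes that follow the header */
};

static unsigned char arena[ARENA_SIZE];
static size_t arena_top;

static void toy_reset(void)
{
    memset(arena, 0, sizeof arena);
    arena_top = 0;
}

/* Hand out `n` bytes preceded by a header. Chunks are laid out back to back,
 * so the header of the next chunk sits immediately after this chunk's data. */
static void *toy_alloc(uint32_t n)
{
    size_t need = sizeof(struct toy_hdr) + n;
    if (arena_top + need > ARENA_SIZE)
        return NULL;
    struct toy_hdr *h = (struct toy_hdr *)(arena + arena_top);
    h->magic = HDR_MAGIC;
    h->size  = n;
    arena_top += need;
    return (unsigned char *)h + sizeof(struct toy_hdr);
}

/* The allocator-side consistency check. Like the assert() in _int_malloc, it
 * fires on metadata that some caller has already trampled, not on the write
 * that trampled it. Returns 1 if the header in front of `p` is corrupt. */
static int toy_header_corrupt(const void *p)
{
    const struct toy_hdr *h =
        (const struct toy_hdr *)((const unsigned char *)p - sizeof(struct toy_hdr));
    return h->magic != HDR_MAGIC || h->size > ARENA_SIZE;
}

/* Vulnerable pattern: a fixed 16-byte chunk filled by an unbounded copy of
 * caller-controlled data. Everything past byte 16 lands on b's header. */
static int vulnerable_copy(const char *src)
{
    toy_reset();
    char *a = toy_alloc(16);
    char *b = toy_alloc(16);
    if (!a || !b)
        return -1;
    memcpy(a, src, strlen(src) + 1);      /* BUG: no bound on strlen(src) */
    return toy_header_corrupt(b);         /* 1 = b's metadata was clobbered */
}

/* Hardened pattern: bound the copy by the chunk size and always NUL-terminate. */
static int bounded_copy(const char *src)
{
    toy_reset();
    char *a = toy_alloc(16);
    char *b = toy_alloc(16);
    if (!a || !b)
        return -1;
    snprintf(a, 16, "%s", src);           /* truncates instead of overflowing */
    return toy_header_corrupt(b);         /* stays 0 whatever src contains */
}

int main(void)
{
    /* 32 'A's: constructed attacker-controlled input, twice the chunk size. */
    const char *long_input = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
    printf("vulnerable, short input : corrupt=%d\n", vulnerable_copy("hello"));
    printf("vulnerable, long input  : corrupt=%d\n", vulnerable_copy(long_input));
    printf("bounded,    long input  : corrupt=%d\n", bounded_copy(long_input));
    return 0;
}
```

The check reports damage to `b`'s header even though the defective code is the copy into `a`, and it would do so only on the next operation that inspects `b`, which can be arbitrarily far from the overflow. That is why reading the bin-scanning code where the assertion trips says little about the bug: the corrupted size word is the evidence, the overflowing write in the application is the cause. On the real target, building vim with AddressSanitizer (`-fsanitize=address`) or running it under valgrind reports the out-of-bounds write at the moment it happens rather than at the next malloc.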