bug-hurd
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: daily: vim problem again


From: Jessica Clarke
Subject: Re: daily: vim problem again
Date: Sat, 27 Feb 2021 04:29:01 +0000

On 27 Feb 2021, at 02:38, Paul Dufresne <dufresnep@zoho.com> wrote:
> 
> Here is the relevant part in malloc.c:

I'd advise you to not delve too deeply into malloc. This is likely a
buffer overflow that then corrupts the (inline) state maintained by
malloc, so you really need to be looking at vim.

Jess

>     /*
>         Search for a chunk by scanning bins, starting with next largest
>         bin. This search is strictly by best-fit; i.e., the smallest
>         (with ties going to approximately the least recently used) chunk
>         that fits is selected.
> 
>         The bitmap avoids needing to check that most blocks are nonempty.
>         The particular case of skipping all bins during warm-up phases
>         when no chunks have been returned yet is faster than it might look.
>       */
> 
>      ++idx;
>      bin = bin_at (av, idx);
>      block = idx2block (idx);
>      map = av->binmap[block];
>      bit = idx2bit (idx);
> 
>      for (;; )
>        {
>          /* Skip rest of block if there are no more set bits in this block.  
> */
>          if (bit > map || bit == 0)
>            {
>              do
>                {
>                  if (++block >= BINMAPSIZE) /* out of bins */
>                    goto use_top;
>                }
>              while ((map = av->binmap[block]) == 0);
> 
>              bin = bin_at (av, (block << BINMAPSHIFT));
>              bit = 1;
>            }
> 
>          /* Advance to bin with set bit. There must be one. */
>          while ((bit & map) == 0)
>            {
>              bin = next_bin (bin);
>              bit <<= 1;
>              assert (bit != 0);
>            }
> 
>          /* Inspect the bin. It is likely to be non-empty */
>          victim = last (bin);
> 
>          /*  If a false alarm (empty bin), clear the bit. */
>          if (victim == bin)
>            {
>              av->binmap[block] = map &= ~bit; /* Write through */
>              bin = next_bin (bin);
>              bit <<= 1;
>            }
> 
>          else
>            {
>              size = chunksize (victim);
> 
>              /*  We know the first chunk in this bin is big enough to use. */
>              assert ((unsigned long) (size) >= (unsigned long) (nb));
> 
>              remainder_size = size - nb;
> 
>              /* unlink */
>              unlink_chunk (av, victim);
> 
> 
> 




reply via email to

[Prev in Thread] Current Thread [Next in Thread]