Code Analysis: wine heapfree Function

Heapfree

For code location, life, and references, refer to the previous article :)

Heapfree-> rtlfreeheap
This function calls the rtlfrreheap directly. Check the parameters and determine the flag.

Pinuse = (arena_inuse *) PTR-1;
If (! (Subheap = heap_findsubheap (heapptr, pinuse) goto error;
Call the heap_findsubheap function to locate the sub-heap pointer of the inuse block before the current inuse block, and check whether the block is a valid block.

Then call the heap_makeinuseblockfree () function to change the inuse block to idle. Let's take a look at this function:
Heapfree-> rtlfreeheap-> heap_makeinuseblockfree
If (PARENA-> size & arena_flag_prev_free)
First, check whether the size of the space to be released and the previous block are idle. If the previous block is also idle, merge the first idle block and the released block as a larger idle block. If no, only the current block is converted to the idle block.

Then, call heap_createfreeblock to convert the original inuse block into a free block. In fact, it is to change the structure, then convert the flag bit to free, and attach it to the idle queue.
For example
If the free block is not the last block, return to rtlfreeheap and continue execution. If the block converted to free is
The last block of the sub-heap, so we can continue to see that this sub-heap is not the first subheap and is empty. Then the whole subheap is released together.

Code: select all

545     if (((char *)pFree == (char *)subheap->base + subheap->headerSize) &&
546         (subheap != &subheap->heap->subheap))
547     {
548         SIZE_T size = 0;
549         void *addr = subheap->base;
550         /* Remove the free block from the list */
551         list_remove( &pFree->entry );
552         /* Remove the subheap from the list */
553         list_remove( &subheap->entry );
554         /* Free the memory */
555         subheap->magic = 0;
556         NtFreeVirtualMemory( NtCurrentProcess(), &addr, &size, MEM_RELEASE );
557         return;
558     }

Then return to rtlfreeheap (). If the share flag is set and enters the critical section, exit the critical section and return true, indicating that the release is successful.
If an error occurs in the middle of the process, the system redirects to The Goto location, removes the critical section, returns the error code, and returns false.