Hi guys: i found i intresting things when i fix a memory leak issue on may platform which based on musl c library. the issue has been fixed but a puzzle leave it to me. in the file of malloc/mallocng/malloc.c, a function called "alloc_meta" says that as belows,so you can see the brk pointer of brk system call parmeter never decrease the brk, is not it ? did gilibc also does like this way? why design like this, thank you ! struct meta *alloc_meta(void) { struct meta *m; unsigned char *p; if (!ctx.init_done) { #ifndef PAGESIZE ctx.pagesize = get_page_size(); #endif ctx.secret = get_random_secret(); ctx.init_done = 1; } size_t pagesize = PGSZ; if (pagesize < 4096) pagesize = 4096; if ((m = dequeue_head(&ctx.free_meta_head))) return m; if (!ctx.avail_meta_count) { int need_unprotect = 1; if (!ctx.avail_meta_area_count && ctx.brk!=-1) { uintptr_t new = ctx.brk + pagesize; int need_guard = 0; if (!ctx.brk) { need_guard = 1; ctx.brk = brk(0); // some ancient kernels returned _ebss // instead of next page as initial brk. ctx.brk += -ctx.brk & (pagesize-1); new = ctx.brk + 2*pagesize; } if (brk(new) != new) { ctx.brk = -1; } else { if (need_guard) mmap((void *)ctx.brk, pagesize, PROT_NONE, MAP_ANON|MAP_PRIVATE|MAP_FIXED, -1, 0); ctx.brk = new; ctx.avail_meta_areas = (void *)(new - pagesize); ctx.avail_meta_area_count = pagesize>>12; need_unprotect = 0; } } if (!ctx.avail_meta_area_count) { size_t n = 2UL << ctx.meta_alloc_shift; p = mmap(0, n*pagesize, PROT_NONE, MAP_PRIVATE|MAP_ANON, -1, 0); if (p==MAP_FAILED) return 0; ctx.avail_meta_areas = p + pagesize; ctx.avail_meta_area_count = (n-1)*(pagesize>>12); ctx.meta_alloc_shift++; /\ 63,15-43 10%