# Operations of the Other Bins

When a non-fast chunk is freed, it gets put into the Unsorted Bin. When new chunks are **requested**, glibc looks at all of the bins

* If the requested size is fastbin size, [check the corresponding fastbin](https://elixir.bootlin.com/glibc/glibc-2.3.6/source/malloc/malloc.c#L3849)
  * If there is a chunk in it, return it
* If the requested chunk is of smallbin size, [check the corresponding smallbin](https://elixir.bootlin.com/glibc/glibc-2.3.6/source/malloc/malloc.c#L3868)
  * If there is a chunk in it, return it
* If the requested chunk is large (of largebin size), [we first consolidate the largebins](https://elixir.bootlin.com/glibc/glibc-2.3.6/source/malloc/malloc.c#L3897) with [`malloc_consolidate()`](/notes/binexp/heap/malloc_consolidate.md). We will get into the mechanisms of this at a later point, but essentially I lied earlier - fastbins **do** consolidate, but not on freeing!
* Finally, we iterate through the chunks in the unsorted bin
  * If it is empty, we service the request through making the heap larger by [splitting the top chunk](/notes/binexp/heap/the-top-chunk-and-remainder.md), pushing the now-smaller top chunk to start at a higher memory address
* If the requested size is equal to the size of the chunk in the bin, return the chunk
* If it's smaller, split the chunk in the bin in two and return a portion of the correct size
* If it's larger, we [consolidate the fastbins](https://elixir.bootlin.com/glibc/glibc-2.3.6/source/malloc/malloc.c#L3897), and after this there may be free chunks big enough to service the request
  * If not, we again service the request by [splitting the top chunk](/notes/binexp/heap/the-top-chunk-and-remainder.md) and pushing the now-smaller top chunk to start at a higher memory address

One thing that is very easy to forget is what happens on *allocation* and what happens on *freeing*, as it can be a bit counter-intuitive. For example, the fastbin consolidation is triggered from an allocation!


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://ir0nstone.gitbook.io/notes/binexp/heap/bins/chunk-allocation-and-reallocation.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.