diff options
author | Brandt Bucher <brandtbucher@microsoft.com> | 2022-10-06 23:20:01 (GMT) |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-10-06 23:20:01 (GMT) |
commit | 21a2d9ff550977f2668e2cf1cc15793bf27fa109 (patch) | |
tree | dd65296818dec2b91b48292b04d022929967a406 /Python/frame.c | |
parent | cbf0afd8a1474d68310331af9218606959d4cc22 (diff) | |
download | cpython-21a2d9ff550977f2668e2cf1cc15793bf27fa109.zip cpython-21a2d9ff550977f2668e2cf1cc15793bf27fa109.tar.gz cpython-21a2d9ff550977f2668e2cf1cc15793bf27fa109.tar.bz2 |
GH-97002: Prevent `_PyInterpreterFrame`s from backing more than one `PyFrameObject` (GH-97996)
Diffstat (limited to 'Python/frame.c')
-rw-r--r-- | Python/frame.c | 29 |
1 files changed, 23 insertions, 6 deletions
diff --git a/Python/frame.c b/Python/frame.c index 96566de..89f084b 100644 --- a/Python/frame.c +++ b/Python/frame.c @@ -37,14 +37,31 @@ _PyFrame_MakeAndSetFrameObject(_PyInterpreterFrame *frame) Py_XDECREF(error_type); Py_XDECREF(error_value); Py_XDECREF(error_traceback); + return NULL; } - else { - assert(frame->owner != FRAME_OWNED_BY_FRAME_OBJECT); - assert(frame->owner != FRAME_CLEARED); - f->f_frame = frame; - frame->frame_obj = f; - PyErr_Restore(error_type, error_value, error_traceback); + PyErr_Restore(error_type, error_value, error_traceback); + if (frame->frame_obj) { + // GH-97002: How did we get into this horrible situation? Most likely, + // allocating f triggered a GC collection, which ran some code that + // *also* created the same frame... while we were in the middle of + // creating it! See test_sneaky_frame_object in test_frame.py for a + // concrete example. + // + // Regardless, just throw f away and use that frame instead, since it's + // already been exposed to user code. It's actually a bit tricky to do + // this, since we aren't backed by a real _PyInterpreterFrame anymore. + // Just pretend that we have an owned, cleared frame so frame_dealloc + // doesn't make the situation worse: + f->f_frame = (_PyInterpreterFrame *)f->_f_frame_data; + f->f_frame->owner = FRAME_CLEARED; + f->f_frame->frame_obj = f; + Py_DECREF(f); + return frame->frame_obj; } + assert(frame->owner != FRAME_OWNED_BY_FRAME_OBJECT); + assert(frame->owner != FRAME_CLEARED); + f->f_frame = frame; + frame->frame_obj = f; return f; } |