diff options
| author | Victor Stinner <vstinner@python.org> | 2023-09-29 02:04:06 (GMT) |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-09-29 02:04:06 (GMT) |
| commit | 2e37a38bcbfbe1357436e030538290e7d00b668d (patch) | |
| tree | 65166d46d6e1b41dbe93485347f26ed01eaa31b2 /Python | |
| parent | 235aacdeed71afa6572ffad15155e781cc70bad1 (diff) | |
| download | cpython-2e37a38bcbfbe1357436e030538290e7d00b668d.zip cpython-2e37a38bcbfbe1357436e030538290e7d00b668d.tar.gz cpython-2e37a38bcbfbe1357436e030538290e7d00b668d.tar.bz2 | |
gh-110052: Fix faulthandler for freed tstate (#110069)
faulthandler now detected freed interp and freed tstate, and no
longer dereference them.
Diffstat (limited to 'Python')
| -rw-r--r-- | Python/traceback.c | 47 |
1 files changed, 37 insertions, 10 deletions
diff --git a/Python/traceback.c b/Python/traceback.c index a75b783..7e791d0 100644 --- a/Python/traceback.c +++ b/Python/traceback.c @@ -1215,23 +1215,45 @@ dump_frame(int fd, _PyInterpreterFrame *frame) PUTS(fd, "\n"); } +static int +tstate_is_freed(PyThreadState *tstate) +{ + if (_PyMem_IsPtrFreed(tstate)) { + return 1; + } + if (_PyMem_IsPtrFreed(tstate->interp)) { + return 1; + } + return 0; +} + + +static int +interp_is_freed(PyInterpreterState *interp) +{ + return _PyMem_IsPtrFreed(interp); +} + + static void dump_traceback(int fd, PyThreadState *tstate, int write_header) { - _PyInterpreterFrame *frame; - unsigned int depth; - if (write_header) { PUTS(fd, "Stack (most recent call first):\n"); } - frame = tstate->current_frame; + if (tstate_is_freed(tstate)) { + PUTS(fd, " <tstate is freed>\n"); + return; + } + + _PyInterpreterFrame *frame = tstate->current_frame; if (frame == NULL) { PUTS(fd, " <no Python frame>\n"); return; } - depth = 0; + unsigned int depth = 0; while (1) { if (MAX_FRAME_DEPTH <= depth) { PUTS(fd, " ...\n"); @@ -1295,9 +1317,6 @@ const char* _Py_DumpTracebackThreads(int fd, PyInterpreterState *interp, PyThreadState *current_tstate) { - PyThreadState *tstate; - unsigned int nthreads; - if (current_tstate == NULL) { /* _Py_DumpTracebackThreads() is called from signal handlers by faulthandler. @@ -1313,6 +1332,10 @@ _Py_DumpTracebackThreads(int fd, PyInterpreterState *interp, current_tstate = PyGILState_GetThisThreadState(); } + if (current_tstate != NULL && tstate_is_freed(current_tstate)) { + return "tstate is freed"; + } + if (interp == NULL) { if (current_tstate == NULL) { interp = _PyGILState_GetInterpreterStateUnsafe(); @@ -1327,14 +1350,18 @@ _Py_DumpTracebackThreads(int fd, PyInterpreterState *interp, } assert(interp != NULL); + if (interp_is_freed(interp)) { + return "interp is freed"; + } + /* Get the current interpreter from the current thread */ - tstate = PyInterpreterState_ThreadHead(interp); + PyThreadState *tstate = PyInterpreterState_ThreadHead(interp); if (tstate == NULL) return "unable to get the thread head state"; /* Dump the traceback of each thread */ tstate = PyInterpreterState_ThreadHead(interp); - nthreads = 0; + unsigned int nthreads = 0; _Py_BEGIN_SUPPRESS_IPH do { |