From fe997e1a67835a929705c8c305d41c4d7dd326e3 Mon Sep 17 00:00:00 2001
From: Victor Stinner <vstinner@python.org>
Date: Mon, 30 Aug 2021 15:24:39 +0200
Subject: bpo-44449: faulthandler don't modify frame refcnt (GH-27850)

Fix a crash in the signal handler of the faulthandler module: no
longer modify the reference count of frame objects.
---
 .../next/Library/2021-08-20-11-30-52.bpo-44449.1r2-lS.rst      |  2 ++
 Python/traceback.c                                             | 10 +++++-----
 2 files changed, 7 insertions(+), 5 deletions(-)
 create mode 100644 Misc/NEWS.d/next/Library/2021-08-20-11-30-52.bpo-44449.1r2-lS.rst

diff --git a/Misc/NEWS.d/next/Library/2021-08-20-11-30-52.bpo-44449.1r2-lS.rst b/Misc/NEWS.d/next/Library/2021-08-20-11-30-52.bpo-44449.1r2-lS.rst
new file mode 100644
index 0000000..52f0154
--- /dev/null
+++ b/Misc/NEWS.d/next/Library/2021-08-20-11-30-52.bpo-44449.1r2-lS.rst
@@ -0,0 +1,2 @@
+Fix a crash in the signal handler of the :mod:`faulthandler` module: no
+longer modify the reference count of frame objects. Patch by Victor Stinner.
diff --git a/Python/traceback.c b/Python/traceback.c
index f7dc5ad..88ffc01 100644
--- a/Python/traceback.c
+++ b/Python/traceback.c
@@ -796,7 +796,10 @@ dump_traceback(int fd, PyThreadState *tstate, int write_header)
         PUTS(fd, "Stack (most recent call first):\n");
     }
 
-    frame = PyThreadState_GetFrame(tstate);
+    // Use a borrowed reference. Avoid Py_INCREF/Py_DECREF, since this function
+    // can be called in a signal handler by the faulthandler module which must
+    // not modify Python objects.
+    frame = tstate->frame;
     if (frame == NULL) {
         PUTS(fd, "<no Python frame>\n");
         return;
@@ -805,17 +808,14 @@ dump_traceback(int fd, PyThreadState *tstate, int write_header)
     depth = 0;
     while (1) {
         if (MAX_FRAME_DEPTH <= depth) {
-            Py_DECREF(frame);
             PUTS(fd, "  ...\n");
             break;
         }
         if (!PyFrame_Check(frame)) {
-            Py_DECREF(frame);
             break;
         }
         dump_frame(fd, frame);
-        PyFrameObject *back = PyFrame_GetBack(frame);
-        Py_DECREF(frame);
+        PyFrameObject *back = frame->f_back;
 
         if (back == NULL) {
             break;
-- 
cgit v0.12