gh-92036: Fix gc_fini_untrack() (#92037)

Fix a crash in subinterpreters related to the garbage collector. When a subinterpreter is deleted, untrack all objects tracked by its GC. To prevent a crash in deallocator functions expecting objects to be tracked by the GC, leak a strong reference to these objects on purpose, so they are never deleted and their deallocator functions are not called.
2022-05-04 11:59:01 +02:00 · 2022-05-04 11:59:01 +02:00 · 14243369b5
parent d20bb33f78
commit 14243369b5
2 changed files with 11 additions and 0 deletions
--- a/Builtins/2022-04-28-23-37-30.gh-issue-92036.GZJAC9.rst
+++ b/Builtins/2022-04-28-23-37-30.gh-issue-92036.GZJAC9.rst
@ -0,0 +1,5 @@
+Fix a crash in subinterpreters related to the garbage collector. When a
+subinterpreter is deleted, untrack all objects tracked by its GC. To prevent a
+crash in deallocator functions expecting objects to be tracked by the GC, leak
+a strong reference to these objects on purpose, so they are never deleted and
+their deallocator functions are not called. Patch by Victor Stinner.
--- a/Modules/gcmodule.c
+++ b/Modules/gcmodule.c
@ -2165,6 +2165,12 @@ gc_fini_untrack(PyGC_Head *list)
    for (gc = GC_NEXT(list); gc != list; gc = GC_NEXT(list)) {
        PyObject *op = FROM_GC(gc);
        _PyObject_GC_UNTRACK(op);
+        // gh-92036: If a deallocator function expect the object to be tracked
+        // by the GC (ex: func_dealloc()), it can crash if called on an object
+        // which is no longer tracked by the GC. Leak one strong reference on
+        // purpose so the object is never deleted and its deallocator is not
+        // called.
+        Py_INCREF(op);
    }
 }