From: Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com>
Date: Thu, 13 Jan 2022 18:50:09 +0000 (-0800)
Subject: bpo-46070: _PyGC_Fini() untracks objects (GH-30577)
X-Git-Tag: v3.10.3~215^2~3
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=e6bb17fe29713368e1fd93d9ac9611017c4f570c;p=thirdparty%2FPython%2Fcpython.git

bpo-46070: _PyGC_Fini() untracks objects (GH-30577)


Py_EndInterpreter() now explicitly untracks all objects currently
tracked by the GC. Previously, if an object was used later by another
interpreter, calling PyObject_GC_UnTrack() on the object crashed if
the previous or the next object of the PyGC_Head structure became a
dangling pointer.
(cherry picked from commit 1a4d1c1c9b08e75e88aeac90901920938f649832)

Co-authored-by: Victor Stinner <vstinner@python.org>
---

diff --git a/Misc/NEWS.d/next/Core and Builtins/2022-01-13-17-58-56.bpo-46070.q8IGth.rst b/Misc/NEWS.d/next/Core and Builtins/2022-01-13-17-58-56.bpo-46070.q8IGth.rst
new file mode 100644
index 000000000000..4ed088f9898e
--- /dev/null
+++ b/Misc/NEWS.d/next/Core and Builtins/2022-01-13-17-58-56.bpo-46070.q8IGth.rst	
@@ -0,0 +1,5 @@
+:c:func:`Py_EndInterpreter` now explicitly untracks all objects currently
+tracked by the GC. Previously, if an object was used later by another
+interpreter, calling :c:func:`PyObject_GC_UnTrack` on the object crashed if the
+previous or the next object of the :c:type:`PyGC_Head` structure became a
+dangling pointer. Patch by Victor Stinner.
diff --git a/Modules/gcmodule.c b/Modules/gcmodule.c
index e5e5aa3287b0..805a159d53d6 100644
--- a/Modules/gcmodule.c
+++ b/Modules/gcmodule.c
@@ -2162,12 +2162,36 @@ _PyGC_DumpShutdownStats(PyInterpreterState *interp)
     }
 }
 
+
+static void
+gc_fini_untrack(PyGC_Head *list)
+{
+    PyGC_Head *gc;
+    for (gc = GC_NEXT(list); gc != list; gc = GC_NEXT(list)) {
+        PyObject *op = FROM_GC(gc);
+        _PyObject_GC_UNTRACK(op);
+    }
+}
+
+
 void
 _PyGC_Fini(PyInterpreterState *interp)
 {
     GCState *gcstate = &interp->gc;
     Py_CLEAR(gcstate->garbage);
     Py_CLEAR(gcstate->callbacks);
+
+    if (!_Py_IsMainInterpreter(interp)) {
+        // bpo-46070: Explicitly untrack all objects currently tracked by the
+        // GC. Otherwise, if an object is used later by another interpreter,
+        // calling PyObject_GC_UnTrack() on the object crashs if the previous
+        // or the next object of the PyGC_Head structure became a dangling
+        // pointer.
+        for (int i = 0; i < NUM_GENERATIONS; i++) {
+            PyGC_Head *gen = GEN_HEAD(gcstate, i);
+            gc_fini_untrack(gen);
+        }
+    }
 }
 
 /* for debugging */