[Python-checkins] [3.11] GH-93252: Fix error handling for failed Python calls (GH-94693) (GH-94708)

Sat Jul 9 08:09:23 EDT 2022

https://github.com/python/cpython/commit/7a341724e4dc8188f01ac338deaa414c4e6542c4
commit: 7a341724e4dc8188f01ac338deaa414c4e6542c4
branch: 3.11
author: Kumar Aditya <59607654+kumaraditya303 at users.noreply.github.com>
committer: miss-islington <31488909+miss-islington at users.noreply.github.com>
date: 2022-07-09T05:09:15-07:00
summary:

[3.11] GH-93252: Fix error handling for failed Python calls (GH-94693) (GH-94708)



Automerge-Triggered-By: GH:tiran

files:
A Misc/NEWS.d/next/Core and Builtins/2022-07-08-11-44-45.gh-issue-93252.i2358c.rst
M Lib/test/test_call.py
M Python/ceval.c

diff --git a/Lib/test/test_call.py b/Lib/test/test_call.py
index 6936f093e3db1..07355e8fa0616 100644
--- a/Lib/test/test_call.py
+++ b/Lib/test/test_call.py
@@ -26,6 +26,18 @@ def fn(**kw):
         self.assertIsInstance(res, dict)
         self.assertEqual(list(res.items()), expected)
 
+    def test_frames_are_popped_after_failed_calls(self):
+        # GH-93252: stuff blows up if we don't pop the new frame after
+        # recovering from failed calls:
+        def f():
+            pass
+        for _ in range(1000):
+            try:
+                f(None)
+            except TypeError:
+                pass
+        # BOOM!
+
 
 @cpython_only
 class CFunctionCallsErrorMessages(unittest.TestCase):
diff --git a/Misc/NEWS.d/next/Core and Builtins/2022-07-08-11-44-45.gh-issue-93252.i2358c.rst b/Misc/NEWS.d/next/Core and Builtins/2022-07-08-11-44-45.gh-issue-93252.i2358c.rst
new file mode 100644
index 0000000000000..1cc2d8560e53e
--- /dev/null
+++ b/Misc/NEWS.d/next/Core and Builtins/2022-07-08-11-44-45.gh-issue-93252.i2358c.rst	
@@ -0,0 +1,2 @@
+Fix an issue that caused internal frames to outlive failed Python function
+calls, possibly resulting in memory leaks or hard interpreter crashes.
diff --git a/Python/ceval.c b/Python/ceval.c
index 1a5454570518f..c69ea21c14993 100644
--- a/Python/ceval.c
+++ b/Python/ceval.c
@@ -6370,7 +6370,7 @@ _PyEvalFramePushAndInit(PyThreadState *tstate, PyFunctionObject *func,
     }
     if (initialize_locals(tstate, func, localsarray, args, argcount, kwnames)) {
         assert(frame->owner != FRAME_OWNED_BY_GENERATOR);
-        _PyFrame_Clear(frame);
+        _PyEvalFrameClearAndPop(tstate, frame);
         return NULL;
     }
     return frame;
@@ -6392,6 +6392,10 @@ _PyEvalFramePushAndInit(PyThreadState *tstate, PyFunctionObject *func,
 static void
 _PyEvalFrameClearAndPop(PyThreadState *tstate, _PyInterpreterFrame * frame)
 {
+    // Make sure that this is, indeed, the top frame. We can't check this in
+    // _PyThreadState_PopFrame, since f_code is already cleared at that point:
+    assert((PyObject **)frame + frame->f_code->co_nlocalsplus +
+        frame->f_code->co_stacksize + FRAME_SPECIALS_SIZE == tstate->datastack_top);
     tstate->recursion_remaining--;
     assert(frame->frame_obj == NULL || frame->frame_obj->f_frame == frame);
     assert(frame->owner == FRAME_OWNED_BY_THREAD);

