bpo-40887: Don't use finalized free lists (GH-20700)
In debug mode, ensure that free lists are no longer used after being
finalized. Set numfree to -1 in finalization functions
(eg. _PyList_Fini()), and then check that numfree is not equal to -1
before using a free list (e.g list_dealloc()).
diff --git a/Objects/floatobject.c b/Objects/floatobject.c
index d72fd21..65625fe 100644
--- a/Objects/floatobject.c
+++ b/Objects/floatobject.c
@@ -116,6 +116,10 @@
struct _Py_float_state *state = &interp->float_state;
PyFloatObject *op = state->free_list;
if (op != NULL) {
+#ifdef Py_DEBUG
+ // PyFloat_FromDouble() must not be called after _PyFloat_Fini()
+ assert(state->numfree != -1);
+#endif
state->free_list = (PyFloatObject *) Py_TYPE(op);
state->numfree--;
}
@@ -219,6 +223,10 @@
if (PyFloat_CheckExact(op)) {
PyInterpreterState *interp = _PyInterpreterState_GET();
struct _Py_float_state *state = &interp->float_state;
+#ifdef Py_DEBUG
+ // float_dealloc() must not be called after _PyFloat_Fini()
+ assert(state->numfree != -1);
+#endif
if (state->numfree >= PyFloat_MAXFREELIST) {
PyObject_FREE(op);
return;
@@ -1984,10 +1992,11 @@
_PyFloat_ClearFreeList(PyThreadState *tstate)
{
struct _Py_float_state *state = &tstate->interp->float_state;
- PyFloatObject *f = state->free_list, *next;
- for (; f; f = next) {
- next = (PyFloatObject*) Py_TYPE(f);
+ PyFloatObject *f = state->free_list;
+ while (f != NULL) {
+ PyFloatObject *next = (PyFloatObject*) Py_TYPE(f);
PyObject_FREE(f);
+ f = next;
}
state->free_list = NULL;
state->numfree = 0;
@@ -1997,6 +2006,10 @@
_PyFloat_Fini(PyThreadState *tstate)
{
_PyFloat_ClearFreeList(tstate);
+#ifdef Py_DEBUG
+ struct _Py_float_state *state = &tstate->interp->float_state;
+ state->numfree = -1;
+#endif
}
/* Print summary info about the state of the optimized allocator */
diff --git a/Objects/frameobject.c b/Objects/frameobject.c
index 0fe9f2a..0dad42e 100644
--- a/Objects/frameobject.c
+++ b/Objects/frameobject.c
@@ -595,6 +595,10 @@
else {
PyInterpreterState *interp = _PyInterpreterState_GET();
struct _Py_frame_state *state = &interp->frame;
+#ifdef Py_DEBUG
+ // frame_dealloc() must not be called after _PyFrame_Fini()
+ assert(state->numfree != -1);
+#endif
if (state->numfree < PyFrame_MAXFREELIST) {
++state->numfree;
f->f_back = state->free_list;
@@ -790,6 +794,10 @@
}
}
else {
+#ifdef Py_DEBUG
+ // frame_alloc() must not be called after _PyFrame_Fini()
+ assert(state->numfree != -1);
+#endif
assert(state->numfree > 0);
--state->numfree;
f = state->free_list;
@@ -1188,6 +1196,10 @@
_PyFrame_Fini(PyThreadState *tstate)
{
_PyFrame_ClearFreeList(tstate);
+#ifdef Py_DEBUG
+ struct _Py_frame_state *state = &tstate->interp->frame;
+ state->numfree = -1;
+#endif
}
/* Print summary info about the state of the optimized allocator */
diff --git a/Objects/genobject.c b/Objects/genobject.c
index f7dbfd7..4207d53 100644
--- a/Objects/genobject.c
+++ b/Objects/genobject.c
@@ -1430,6 +1430,11 @@
_PyAsyncGen_Fini(PyThreadState *tstate)
{
_PyAsyncGen_ClearFreeLists(tstate);
+#ifdef Py_DEBUG
+ struct _Py_async_gen_state *state = &tstate->interp->async_gen;
+ state->value_numfree = -1;
+ state->asend_numfree = -1;
+#endif
}
@@ -1474,6 +1479,10 @@
Py_CLEAR(o->ags_sendval);
PyInterpreterState *interp = _PyInterpreterState_GET();
struct _Py_async_gen_state *state = &interp->async_gen;
+#ifdef Py_DEBUG
+ // async_gen_asend_dealloc() must not be called after _PyAsyncGen_Fini()
+ assert(state->asend_numfree != -1);
+#endif
if (state->asend_numfree < _PyAsyncGen_MAXFREELIST) {
assert(PyAsyncGenASend_CheckExact(o));
state->asend_freelist[state->asend_numfree++] = o;
@@ -1632,6 +1641,10 @@
PyAsyncGenASend *o;
PyInterpreterState *interp = _PyInterpreterState_GET();
struct _Py_async_gen_state *state = &interp->async_gen;
+#ifdef Py_DEBUG
+ // async_gen_asend_new() must not be called after _PyAsyncGen_Fini()
+ assert(state->asend_numfree != -1);
+#endif
if (state->asend_numfree) {
state->asend_numfree--;
o = state->asend_freelist[state->asend_numfree];
@@ -1667,6 +1680,10 @@
Py_CLEAR(o->agw_val);
PyInterpreterState *interp = _PyInterpreterState_GET();
struct _Py_async_gen_state *state = &interp->async_gen;
+#ifdef Py_DEBUG
+ // async_gen_wrapped_val_dealloc() must not be called after _PyAsyncGen_Fini()
+ assert(state->value_numfree != -1);
+#endif
if (state->value_numfree < _PyAsyncGen_MAXFREELIST) {
assert(_PyAsyncGenWrappedValue_CheckExact(o));
state->value_freelist[state->value_numfree++] = o;
@@ -1737,6 +1754,10 @@
PyInterpreterState *interp = _PyInterpreterState_GET();
struct _Py_async_gen_state *state = &interp->async_gen;
+#ifdef Py_DEBUG
+ // _PyAsyncGenValueWrapperNew() must not be called after _PyAsyncGen_Fini()
+ assert(state->value_numfree != -1);
+#endif
if (state->value_numfree) {
state->value_numfree--;
o = state->value_freelist[state->value_numfree];
diff --git a/Objects/listobject.c b/Objects/listobject.c
index 043256d..22cdbe3 100644
--- a/Objects/listobject.c
+++ b/Objects/listobject.c
@@ -111,6 +111,10 @@
_PyList_Fini(PyThreadState *tstate)
{
_PyList_ClearFreeList(tstate);
+#ifdef Py_DEBUG
+ struct _Py_list_state *state = &tstate->interp->list;
+ state->numfree = -1;
+#endif
}
/* Print summary info about the state of the optimized allocator */
@@ -135,6 +139,10 @@
PyInterpreterState *interp = _PyInterpreterState_GET();
struct _Py_list_state *state = &interp->list;
PyListObject *op;
+#ifdef Py_DEBUG
+ // PyList_New() must not be called after _PyList_Fini()
+ assert(state->numfree != -1);
+#endif
if (state->numfree) {
state->numfree--;
op = state->free_list[state->numfree];
@@ -330,6 +338,10 @@
}
PyInterpreterState *interp = _PyInterpreterState_GET();
struct _Py_list_state *state = &interp->list;
+#ifdef Py_DEBUG
+ // list_dealloc() must not be called after _PyList_Fini()
+ assert(state->numfree != -1);
+#endif
if (state->numfree < PyList_MAXFREELIST && PyList_CheckExact(op)) {
state->free_list[state->numfree++] = op;
}
diff --git a/Objects/tupleobject.c b/Objects/tupleobject.c
index 951cd1f..8bfa089 100644
--- a/Objects/tupleobject.c
+++ b/Objects/tupleobject.c
@@ -54,6 +54,10 @@
return NULL;
}
#if PyTuple_MAXSAVESIZE > 0
+#ifdef Py_DEBUG
+ // tuple_alloc() must not be called after _PyTuple_Fini()
+ assert(state->numfree[0] != -1);
+#endif
if (size < PyTuple_MAXSAVESIZE && (op = state->free_list[size]) != NULL) {
assert(size != 0);
state->free_list[size] = (PyTupleObject *) op->ob_item[0];
@@ -102,6 +106,10 @@
}
#if PyTuple_MAXSAVESIZE > 0
if (size == 0) {
+#ifdef Py_DEBUG
+ // PyTuple_New() must not be called after _PyTuple_Fini()
+ assert(state->numfree[0] != -1);
+#endif
state->free_list[0] = op;
++state->numfree[0];
Py_INCREF(op); /* extra INCREF so that this is never freed */
@@ -227,6 +235,10 @@
#if PyTuple_MAXSAVESIZE > 0
PyInterpreterState *interp = _PyInterpreterState_GET();
struct _Py_tuple_state *state = &interp->tuple;
+#ifdef Py_DEBUG
+ // tupledealloc() must not be called after _PyTuple_Fini()
+ assert(state->numfree[0] != -1);
+#endif
if (len < PyTuple_MAXSAVESIZE &&
state->numfree[len] < PyTuple_MAXFREELIST &&
Py_IS_TYPE(op, &PyTuple_Type))
@@ -984,6 +996,9 @@
Py_CLEAR(state->free_list[0]);
_PyTuple_ClearFreeList(tstate);
+#ifdef Py_DEBUG
+ state->numfree[0] = -1;
+#endif
#endif
}