Issue 21967: Interpreter crash upon accessing frame.f_restricted of a frame from a dead thread

If you store a reference to a frame from a dead thread and then access frame.f_restricted, Python eventually crashes.

I didn't investigate this bug in depth. Here is my preliminary explanation.

The access of frame.f_restricted causes a call of PyFrame_IsRestricted(f).

PyFrame_IsRestricted is a macro and expands to ((f)->f_builtins != (f)->f_tstate->interp->builtins)

Now, if the thread that created f is already dead, f_tstate points to an invalid structure. Depending on the content of the memory, the access of f_tstate->interp causes an access violation. I use a Win32 debug build to reliably reproduce the issue.
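
The lifetime problem described in this report, modelled as an added example; it is not CPython's code and not the fix applied for this issue. Only the macro expansion and the field names f_builtins, f_tstate, interp and builtins come from the report; the struct layouts, the frame list, the guard function and the teardown routine are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
/* Simplified stand-ins: only the fields the quoted macro touches are modelled. */
typedef struct { void *builtins; } Interp;
typedef struct Frame Frame;
typedef struct { Interp *interp; Frame *frames; } TState;
struct Frame { void *f_builtins; TState *f_tstate; Frame *next; };

/* Expansion quoted in the report: two dereferences through f_tstate. */
#define FRAME_IS_RESTRICTED(f) \
    ((f)->f_builtins != (f)->f_tstate->interp->builtins)

/* Hypothetical guard: -1 means "owning thread state is gone". */
static int frame_is_restricted_checked(const Frame *f) {
    if (f->f_tstate == NULL) return -1;
    return FRAME_IS_RESTRICTED(f);
}

static Frame *frame_new(TState *ts, void *builtins) {
    Frame *f = calloc(1, sizeof *f);
    if (!f) abort();
    f->f_builtins = builtins; f->f_tstate = ts;
    f->next = ts->frames; ts->frames = f;   /* thread state tracks its frames */
    return f;
}

/* Hypothetical teardown: clear every back-pointer before freeing, so a surviving
   frame holds NULL. Model assumption: frames never die before their thread state. */
static void tstate_delete(TState *ts) {
    for (Frame *f = ts->frames; f; f = f->next) f->f_tstate = NULL;
    free(ts);
}
static int interp_builtins, other_builtins;   /* constructed sample objects */

int demo(int thread_dead, int foreign_builtins) {
    Interp in = { &interp_builtins };
    TState *ts = calloc(1, sizeof *ts);
    if (!ts) abort();
    ts->interp = &in;
    Frame *f = frame_new(ts, foreign_builtins ? (void *)&other_builtins : in.builtins);
    if (thread_dead) { tstate_delete(ts); ts = NULL; }
    int r = frame_is_restricted_checked(f);   /* never touches freed memory */
    if (ts) tstate_delete(ts);
    free(f);
    return r;
}
int main(void) {
    printf("live=%d restricted=%d dead=%d\n", demo(0, 0), demo(0, 1), demo(1, 0));
}
```

Without the teardown step, the frame in the dead-thread case would still hold the old f_tstate value, and the unguarded macro would read through freed memory, which is the access violation the report describes.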