pythongh-107137: Add _PyTuple_NewNoTrack() internal C API

Add _PyTuple_NewNoTrack() and _PyTuple_ResizeNoTrack() functions to
the internal C API: similar to PyTuple_New() and _PyTuple_Resize(),
but don't track the tuple by the GC.

Modify PySequence_Tuple() to use these functions. It prevents leaking
the tuple which is being initialized in the GC, via functions like
gc.get_referrers(). Previously, accessing to such partially
initialized tuple could crash Python.

Now PySequence_Tuple() only tracks the tuple once it's fully
initialized.

Author: vstinner

Include/internal/pycore_tuple.h

@@ -10,6 +10,8 @@ extern "C" {
 
 extern void _PyTuple_MaybeUntrack(PyObject *);
 extern void _PyTuple_DebugMallocStats(FILE *out);
+extern PyObject* _PyTuple_NewNoTrack(Py_ssize_t size);
+extern int _PyTuple_ResizeNoTrack(PyObject **pv, Py_ssize_t newsize);
 
 /* runtime lifecycle */
 

Objects/abstract.c

@@ -8,6 +8,7 @@
 #include "pycore_long.h"          // _Py_IsNegative
 #include "pycore_pyerrors.h"      // _PyErr_Occurred()
 #include "pycore_pystate.h"       // _PyThreadState_GET()
+#include "pycore_tuple.h"         // _PyTuple_NewNoTrack()
 #include "pycore_unionobject.h"   // _PyUnion_Check()
 #include <ctype.h>
 #include <stddef.h>               // offsetof()
@@ -2074,11 +2075,6 @@ PySequence_DelSlice(PyObject *s, Py_ssize_t i1, Py_ssize_t i2)
 PyObject *
 PySequence_Tuple(PyObject *v)
 {
-    PyObject *it;  /* iter(v) */
-    Py_ssize_t n;             /* guess for result tuple size */
-    PyObject *result = NULL;
-    Py_ssize_t j;
-
     if (v == NULL) {
         return null_error();
     }
@@ -2095,24 +2091,31 @@ PySequence_Tuple(PyObject *v)
         return PyList_AsTuple(v);
 
     /* Get iterator. */
-    it = PyObject_GetIter(v);
-    if (it == NULL)
+    PyObject *it = PyObject_GetIter(v);  // iter(v)
+    if (it == NULL) {
         return NULL;
+    }
 
     /* Guess result size and allocate space. */
-    n = PyObject_LengthHint(v, 10);
-    if (n == -1)
-        goto Fail;
-    result = PyTuple_New(n);
-    if (result == NULL)
+    Py_ssize_t n = PyObject_LengthHint(v, 10);  // guess for result tuple size
+    if (n == -1) {
+        Py_DECREF(it);
+        return NULL;
+    }
+
+    PyObject *result = _PyTuple_NewNoTrack(n);
+    if (result == NULL) {
         goto Fail;
+    }
 
     /* Fill the tuple. */
-    for (j = 0; ; ++j) {
+    Py_ssize_t j = 0;
+    for (; ; ++j) {
         PyObject *item = PyIter_Next(it);
         if (item == NULL) {
-            if (PyErr_Occurred())
+            if (PyErr_Occurred()) {
                 goto Fail;
+            }
             break;
         }
         if (j >= n) {
@@ -2132,7 +2135,7 @@ PySequence_Tuple(PyObject *v)
                 goto Fail;
             }
             n = (Py_ssize_t)newn;
-            if (_PyTuple_Resize(&result, n) != 0) {
+            if (_PyTuple_ResizeNoTrack(&result, n) != 0) {
                 Py_DECREF(item);
                 goto Fail;
             }
@@ -2141,11 +2144,15 @@ PySequence_Tuple(PyObject *v)
     }
 
     /* Cut tuple back if guess was too large. */
-    if (j < n &&
-        _PyTuple_Resize(&result, j) != 0)
+    if (j < n && _PyTuple_ResizeNoTrack(&result, j) != 0) {
         goto Fail;
-
+    }
     Py_DECREF(it);
+
+    // No need to track the empty tuple singleton
+    if (j != 0) {
+        PyObject_GC_Track(result);
+    }
     return result;
 
 Fail:

Objects/tupleobject.c

@@ -66,23 +66,35 @@ tuple_get_empty(void)
 }
 
 PyObject *
-PyTuple_New(Py_ssize_t size)
+_PyTuple_NewNoTrack(Py_ssize_t size)
 {
-    PyTupleObject *op;
     if (size == 0) {
         return tuple_get_empty();
     }
-    op = tuple_alloc(size);
+    PyTupleObject *op = tuple_alloc(size);
     if (op == NULL) {
         return NULL;
     }
     for (Py_ssize_t i = 0; i < size; i++) {
         op->ob_item[i] = NULL;
     }
-    _PyObject_GC_TRACK(op);
     return (PyObject *) op;
 }
 
+PyObject *
+PyTuple_New(Py_ssize_t size)
+{
+    if (size == 0) {
+        return tuple_get_empty();
+    }
+    PyObject *op = _PyTuple_NewNoTrack(size);
+    if (op == NULL) {
+        return NULL;
+    }
+    _PyObject_GC_TRACK(op);
+    return op;
+}
+
 Py_ssize_t
 PyTuple_Size(PyObject *op)
 {
@@ -894,8 +906,8 @@ PyTypeObject PyTuple_Type = {
    efficiently.  In any case, don't use this if the tuple may already be
    known to some other part of the code. */
 
-int
-_PyTuple_Resize(PyObject **pv, Py_ssize_t newsize)
+static int
+tuple_resize(PyObject **pv, Py_ssize_t newsize, int track)
 {
     PyTupleObject *v;
     PyTupleObject *sv;
@@ -927,7 +939,12 @@ _PyTuple_Resize(PyObject **pv, Py_ssize_t newsize)
         /* The empty tuple is statically allocated so we never
            resize it in-place. */
         Py_DECREF(v);
-        *pv = PyTuple_New(newsize);
+        if (track) {
+            *pv = PyTuple_New(newsize);
+        }
+        else {
+            *pv = _PyTuple_NewNoTrack(newsize);
+        }
         return *pv == NULL ? -1 : 0;
     }
 
@@ -952,14 +969,29 @@ _PyTuple_Resize(PyObject **pv, Py_ssize_t newsize)
     }
     _Py_NewReferenceNoTotal((PyObject *) sv);
     /* Zero out items added by growing */
-    if (newsize > oldsize)
+    if (newsize > oldsize) {
         memset(&sv->ob_item[oldsize], 0,
                sizeof(*sv->ob_item) * (newsize - oldsize));
+    }
     *pv = (PyObject *) sv;
-    _PyObject_GC_TRACK(sv);
+    if (track) {
+        _PyObject_GC_TRACK(*pv);
+    }
     return 0;
 }
 
+int
+_PyTuple_ResizeNoTrack(PyObject **pv, Py_ssize_t newsize)
+{
+    return tuple_resize(pv, newsize, 0);
+}
+
+int
+_PyTuple_Resize(PyObject **pv, Py_ssize_t newsize)
+{
+    return tuple_resize(pv, newsize, 1);
+}
+
 
 static void maybe_freelist_clear(PyInterpreterState *, int);