gh-122928: asserting that the tstate pointer is non-NULL using assert

[Wulian233]

To prevent dangling pointer issues, adding a check for NULL ensures that invalid pointers are not dereferenced

This is my first time contributing to the C part of python and maybe there will be some issues

• Issue: asserting that the tstate pointer is non-NULL using assert #122928

[ZeroIntensity]

I'm not totally sure this fix is necessary :(

A NULL check doesn't prevent any problems with dangling pointers, since they are non-NULL.

[kumaraditya303]

Adding NULL pointer checks doesn't prevent dangling pointers.

[bedevere-app]

A Python core developer has requested some changes be made to your pull request before we can consider merging it. If you could please address their requests along with any other requests in other reviews from core developers that would be appreciated.

Once you have made the requested changes, please leave a comment on this pull request containing the phrase I have made the requested changes; please review again. I will then notify any core developers who have left a review that you're ready for them to take another look at this pull request.

[ZeroIntensity]

It might be best to just turn this into an assertion assert(tstate != NULL)

[Wulian233]

Can I solve this by

int
_PyThreadState_MustExit(PyThreadState *tstate)
{
    static inline PyThreadState *
    get_current_tstate(void)
    {
        PyThreadState *tstate = _PyThreadState_GET();
        if (tstate == NULL) {
            (void)check_interp(NULL);
            return NULL;
        }
        return check_interp(tstate->interp) ? tstate : NULL;
    }

    PyThreadState *current_tstate = get_current_tstate();
    if (current_tstate == NULL) {
        return 1;
    }

   ...
}

(code from https://github.com/python/cpython/blob/main/Python/_warnings.c#L45-L45)

[ZeroIntensity]

No, check_interp just makes sure that it's non-NULL, not dangling. It's very difficult to safely detect if something is an invalid pointer at runtime, you should leave that to tools like valgrind. (FWIW, C doesn't support inline functions like in your snippet.)

[Wulian233]

I see. Finally, let's use assert(tstate! = NULL) Thank you for your review

[ZeroIntensity]

FWIW, I think this should be a "skip news."
We are just enforcing a pre-condition, as @picnixz mentioned, users will not see these changes.

[Wulian233]

deleted

[ZeroIntensity]

Looks good, now we're just validating a precondition. @kumaraditya303, could you re-review?

[vstinner]

This change is wrong. There are exactly 4 calls to this function. 1 in _threadmodule.c, 3 in ceval_gil.c. All code paths check that tstate is not NULL before calling _PyThreadState_MustExit().

Moreover, I don't understand which problem you are trying to solve here. Dangling pointers cannot be avoided by checking a pointer value (NULL or anything else).

[ZeroIntensity]

Yeah, this was originally conceived as a way to prevent dangling pointers, but there was some misunderstanding on the difference between a NULL and dangling pointer. It eventually just got turned into an assertion.