Bug fix for virtual_overrider_self_life_support ASAN heap-use-after-free failure. (#2942)

* Porting subset of absltest code from reproducer provided by @elkhrt. Baseline for debugging ASAN heap-use-after-free. * Moving Py_DECREF to resolve ASAN heap-use-after-free failure. * Fixing trivial formatting issue. * Workaround for clang 3.6 and 3.7.
2026-05-12 17:26:13 +00:00 · 2021-04-08 22:56:46 -07:00
parent 7eb6d6f695
commit 2b4fbbd521
4 changed files with 68 additions and 2 deletions
--- a/include/pybind11/virtual_overrider_self_life_support.h
+++ b/include/pybind11/virtual_overrider_self_life_support.h
@@ -26,10 +26,10 @@ struct virtual_overrider_self_life_support {
            void *value_void_ptr = loaded_v_h.value_ptr();
            if (value_void_ptr != nullptr) {
                PyGILState_STATE threadstate = PyGILState_Ensure();
-                Py_DECREF((PyObject *) loaded_v_h.inst);
-                loaded_v_h.value_ptr() = nullptr;
+                loaded_v_h.value_ptr()       = nullptr;
                loaded_v_h.holder<pybindit::memory::smart_holder>().release_disowned();
                detail::deregister_instance(loaded_v_h.inst, value_void_ptr, loaded_v_h.type);
+                Py_DECREF((PyObject *) loaded_v_h.inst); // Must be after deregister.
                PyGILState_Release(threadstate);
            }
        }