mirror of
https://github.com/pybind/pybind11.git
synced 2026-05-13 01:36:21 +00:00
0a45af2531
* gh-5991: Fix segfault during finalization related to function_record This patch was developed with assistance from Claude Code Opus 4.6 Here's Claude's explanation of the crash mechanism and some reasoning for the difficulty to repro: `tp_dealloc_impl` calls `cpp_function::destruct` which: 1. Calls `std::free()` on function_record string members (`name`, `doc`, `signature`) 2. Calls `arg.value.dec_ref()` on default argument values 3. Calls `delete rec` on the function_record But it never calls `PyObject_Free(self)` or `Py_DECREF(Py_TYPE(self))`, which are required for heap types. During `_Py_Finalize`, final GC collects the heap types (which survive module dict clearing via `tp_mro` self-references). This triggers a massive cascade: `type_dealloc → property_dealloc → meth_dealloc → tp_dealloc_impl → destruct`. At scale (~1,200+ function_records), the volume of `delete`/`free` calls corrupts heap metadata, causing subsequent `std::free()` to receive garbage pointers → SEGV. * Add detail::py_is_finalizing() wrapper to deduplicate version-guarded #ifdef blocks Also fixes clang-tidy readability-implicit-bool-conversion warnings. Made-with: Cursor --------- Co-authored-by: Ralf W. Grosse-Kunstleve <rgrossekunst@nvidia.com>