From 8cf9dfadd111091711e6414a2c9bbb144a5bf6c6 Mon Sep 17 00:00:00 2001 From: CoderSilicon Date: Tue, 16 Jun 2026 10:06:01 +0530 Subject: [PATCH 1/3] gh-151515: Fix incorrect function pointer cast in asdl_c.py generator --- Parser/asdl_c.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Parser/asdl_c.py b/Parser/asdl_c.py index e2a57177d20afb7..14fe70000b829ab 100755 --- a/Parser/asdl_c.py +++ b/Parser/asdl_c.py @@ -2274,7 +2274,7 @@ def generate_module_def(mod, metadata, f, internal_h): PyInterpreterState *interp = _PyInterpreterState_GET(); struct ast_state *state = &interp->ast; assert(!state->finalized); - if (_PyOnceFlag_CallOnce(&state->once, (_Py_once_fn_t *)&init_types, state) < 0) { + if (_PyOnceFlag_CallOnce(&state->once, &init_types, state) < 0) { return NULL; } return state; From 56bdc1e1fec77e90eeda599494afefea50708aeb Mon Sep 17 00:00:00 2001 From: CoderSilicon Date: Wed, 17 Jun 2026 12:50:49 +0530 Subject: [PATCH 2/3] regen-ast --- Python/Python-ast.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Python/Python-ast.c b/Python/Python-ast.c index 49b6bf1d12b6fab..a8cc3847b3154ff 100644 --- a/Python/Python-ast.c +++ b/Python/Python-ast.c @@ -23,7 +23,7 @@ get_ast_state(void) PyInterpreterState *interp = _PyInterpreterState_GET(); struct ast_state *state = &interp->ast; assert(!state->finalized); - if (_PyOnceFlag_CallOnce(&state->once, (_Py_once_fn_t *)&init_types, state) < 0) { + if (_PyOnceFlag_CallOnce(&state->once, &init_types, state) < 0) { return NULL; } return state; From 5026f24950c828a2b8016f753d7a0597e393f3e8 Mon Sep 17 00:00:00 2001 From: "blurb-it[bot]" <43283697+blurb-it[bot]@users.noreply.github.com> Date: Wed, 17 Jun 2026 08:12:30 +0000 Subject: [PATCH 3/3] =?UTF-8?q?=F0=9F=93=9C=F0=9F=A4=96=20Added=20by=20blu?= =?UTF-8?q?rb=5Fit.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../2026-06-17-08-12-29.gh-issue-151515.0rJRKv.rst | 12 ++++++++++++ 1 file changed, 12 insertions(+) create mode 100644 Misc/NEWS.d/next/C_API/2026-06-17-08-12-29.gh-issue-151515.0rJRKv.rst diff --git a/Misc/NEWS.d/next/C_API/2026-06-17-08-12-29.gh-issue-151515.0rJRKv.rst b/Misc/NEWS.d/next/C_API/2026-06-17-08-12-29.gh-issue-151515.0rJRKv.rst new file mode 100644 index 000000000000000..16bbf07af7e2b98 --- /dev/null +++ b/Misc/NEWS.d/next/C_API/2026-06-17-08-12-29.gh-issue-151515.0rJRKv.rst @@ -0,0 +1,12 @@ +Summary + +This PR fixes an undefined behavior bug in the C code generated by Parser/asdl_c.py for get_ast_state(). +The Problem + +In the generated code, _PyOnceFlag_CallOnce is invoked like this: +_PyOnceFlag_CallOnce(&state->once, (_Py_once_fn_t *)&init_types, state) + +Using &init_types passes a pointer to a function pointer (effectively a double pointer), rather than the function pointer itself. by forcing this with an explicit cast (_Py_once_fn_t *) silences the compiler but triggers a strict aliasing violation and undefined behavior at runtime when the pointer is dereferenced. This can lead to compiler-optimization-driven segmentation faults, particularly in free-threaded/GIL-disabled builds where one-time initialization flags are heavily relied upon. +The Fix + +Updated Parser/asdl_c.py to pass init_types directly with a standard function pointer cast (_Py_once_fn_t)init_types (removing the extra & and *). Ran make regen-ast to cleanly update the generated files.