@@ -1236,6 +1236,20 @@ update_global_state_for_extension(PyThreadState *tstate,
12361236 assert (!is_core_module (tstate -> interp , name , path ));
12371237 assert (PyUnicode_CompareWithASCIIString (name , "sys" ) != 0 );
12381238 assert (PyUnicode_CompareWithASCIIString (name , "builtins" ) != 0 );
1239+ /* XXX gh-88216: The copied dict is owned by the current
1240+ * interpreter. That's a problem if the interpreter has
1241+ * its own obmalloc state or if the module is successfully
1242+ * imported into such an interpreter. If the interpreter
1243+ * has its own GIL then there may be data races and
1244+ * PyImport_ClearModulesByIndex() can crash. Normally,
1245+ * a single-phase init module cannot be imported in an
1246+ * isolated interpreter, but there are ways around that.
1247+ * Hence, heere be dragons! Ideally we would instead do
1248+ * something like make a read-only, immortal copy of the
1249+ * dict using PyMem_RawMalloc() and store *that* in m_copy.
1250+ * Then we'd need to make sure to clear that when the
1251+ * runtime is finalized, rather than in
1252+ * PyImport_ClearModulesByIndex(). */
12391253 if (def -> m_base .m_copy ) {
12401254 /* Somebody already imported the module,
12411255 likely under a different name.
@@ -1337,6 +1351,13 @@ import_find_extension(PyThreadState *tstate,
13371351 Py_DECREF (mod );
13381352 return NULL ;
13391353 }
1354+ /* We can't set mod->md_def if it's missing,
1355+ * because _PyImport_ClearModulesByIndex() might break
1356+ * due to violating interpreter isolation. See the note
1357+ * in fix_up_extension_for_interpreter(). Until that
1358+ * is solved, we leave md_def set to NULL. */
1359+ assert (_PyModule_GetDef (mod ) == NULL
1360+ || _PyModule_GetDef (mod ) == def );
13401361 }
13411362 else {
13421363 if (def -> m_base .m_init == NULL )
0 commit comments