Fix use-after-free in tl_pending_args across subinterpreters

Clear tl_pending_args to NULL whenever tl_pending_callback is set to
false. Previously, the thread-local pointer was left dangling after
callback completion. When a dirty scheduler thread later handled a
different subinterpreter's code, Py_XDECREF on the stale pointer
would attempt to free memory from the wrong allocator.

Author: benoitc

c_src/py_callback.c

@@ -563,6 +563,7 @@ static PyObject *build_pending_callback_exc_args(void) {
     PyObject *exc_args = PyTuple_New(3);
     if (exc_args == NULL) {
         tl_pending_callback = false;
+        Py_CLEAR(tl_pending_args);
         return NULL;
     }
 
@@ -575,6 +576,7 @@ static PyObject *build_pending_callback_exc_args(void) {
         Py_XDECREF(func_name_obj);
         Py_DECREF(exc_args);
         tl_pending_callback = false;
+        Py_CLEAR(tl_pending_args);
         return NULL;
     }
 
@@ -610,6 +612,7 @@ static ERL_NIF_TERM build_suspended_result(ErlNifEnv *env, suspended_state_t *su
     ERL_NIF_TERM args_term = py_to_term(env, tl_pending_args);
 
     tl_pending_callback = false;
+    Py_CLEAR(tl_pending_args);
 
     return enif_make_tuple4(env,
         ATOM_SUSPENDED,
@@ -811,6 +814,7 @@ static ERL_NIF_TERM build_suspended_context_result(ErlNifEnv *env, suspended_con
     ERL_NIF_TERM args_term = py_to_term(env, tl_pending_args);
 
     tl_pending_callback = false;
+    Py_CLEAR(tl_pending_args);
 
     return enif_make_tuple4(env,
         ATOM_SUSPENDED,
@@ -1290,6 +1294,19 @@ PyTypeObject ErlangPidType = {
 static PyObject *erlang_call_impl(PyObject *self, PyObject *args) {
     (void)self;
 
+    /*
+     * Invariant check: pending callback TLS must be clear when entering.
+     * If any state is still set, it's leaked from a prior context that didn't
+     * properly clean up - fail loudly rather than risk cross-interpreter corruption.
+     */
+    if (tl_pending_callback || tl_pending_args != NULL ||
+        tl_pending_func_name != NULL || tl_pending_callback_id != 0) {
+        PyErr_SetString(PyExc_RuntimeError,
+            "erlang.call: stale pending callback TLS detected - "
+            "prior context did not clean up properly");
+        return NULL;
+    }
+
     /*
      * Check if we have a callback handler available.
      * Priority:
@@ -1553,6 +1570,7 @@ static PyObject *erlang_call_impl(PyObject *self, PyObject *args) {
     tl_pending_func_name = enif_alloc(func_name_len + 1);
     if (tl_pending_func_name == NULL) {
         tl_pending_callback = false;
+        Py_CLEAR(tl_pending_args);
         Py_DECREF(call_args);
         PyErr_SetString(PyExc_MemoryError, "Failed to allocate function name");
         return NULL;
@@ -1561,9 +1579,12 @@ static PyObject *erlang_call_impl(PyObject *self, PyObject *args) {
     tl_pending_func_name[func_name_len] = '\0';
     tl_pending_func_name_len = func_name_len;
 
-    /* Store args (take ownership) */
-    Py_XDECREF(tl_pending_args);
-    tl_pending_args = call_args;  /* Takes ownership, don't decref */
+    /* Store args (take ownership)
+     * Use Py_XSETREF for swap-first pattern: sets tl_pending_args to new value
+     * BEFORE decref'ing old value. This prevents re-entrancy issues if the old
+     * object's finalizer triggers another erlang.call() during decref.
+     */
+    Py_XSETREF(tl_pending_args, call_args);
 
     /* Raise exception to abort Python execution */
     PyErr_SetString(SuspensionRequiredException, "callback pending");
@@ -2649,6 +2670,7 @@ static ERL_NIF_TERM nif_resume_callback_dirty(ErlNifEnv *env, int argc, const ER
                     Py_DECREF(exc_args);
                     if (new_suspended == NULL) {
                         tl_pending_callback = false;
+                        Py_CLEAR(tl_pending_args);
                         result = make_error(env, "create_nested_suspended_state_failed");
                     } else {
                         result = build_suspended_result(env, new_suspended);
@@ -2717,6 +2739,7 @@ static ERL_NIF_TERM nif_resume_callback_dirty(ErlNifEnv *env, int argc, const ER
                         Py_DECREF(exc_args);
                         if (new_suspended == NULL) {
                             tl_pending_callback = false;
+                            Py_CLEAR(tl_pending_args);
                             result = make_error(env, "create_nested_suspended_state_failed");
                         } else {
                             result = build_suspended_result(env, new_suspended);

c_src/py_exec.c

@@ -306,6 +306,7 @@ static void process_request(py_request_t *req) {
                     Py_DECREF(exc_args);
                     if (suspended == NULL) {
                         tl_pending_callback = false;
+                        Py_CLEAR(tl_pending_args);
                         req->result = make_error(env, "create_suspended_state_failed");
                     } else {
                         req->result = build_suspended_result(env, suspended);
@@ -393,6 +394,7 @@ static void process_request(py_request_t *req) {
                         Py_DECREF(exc_args);
                         if (suspended == NULL) {
                             tl_pending_callback = false;
+                            Py_CLEAR(tl_pending_args);
                             req->result = make_error(env, "create_suspended_state_failed");
                         } else {
                             req->result = build_suspended_result(env, suspended);

c_src/py_nif.c

@@ -116,6 +116,24 @@ __thread char *tl_pending_func_name = NULL;
 __thread size_t tl_pending_func_name_len = 0;
 __thread PyObject *tl_pending_args = NULL;
 
+/**
+ * Clear all pending callback thread-local state.
+ *
+ * Must be called at context boundaries while still in the correct interpreter
+ * context, to prevent cross-interpreter contamination if Python code caught
+ * and swallowed SuspensionRequiredException.
+ */
+static inline void clear_pending_callback_tls(void) {
+    tl_pending_callback = false;
+    tl_pending_callback_id = 0;
+    if (tl_pending_func_name != NULL) {
+        enif_free(tl_pending_func_name);
+        tl_pending_func_name = NULL;
+    }
+    tl_pending_func_name_len = 0;
+    Py_CLEAR(tl_pending_args);
+}
+
 /* Thread-local timeout state */
 __thread uint64_t tl_timeout_deadline = 0;
 __thread bool tl_timeout_enabled = false;
@@ -2280,6 +2298,7 @@ static ERL_NIF_TERM nif_context_call(ErlNifEnv *env, int argc, const ERL_NIF_TER
 
             if (suspended == NULL) {
                 tl_pending_callback = false;
+                Py_CLEAR(tl_pending_args);
                 result = make_error(env, "create_suspended_state_failed");
             } else {
                 result = build_suspended_context_result(env, suspended);
@@ -2298,6 +2317,9 @@ static ERL_NIF_TERM nif_context_call(ErlNifEnv *env, int argc, const ERL_NIF_TER
     tl_allow_suspension = prev_allow_suspension;
     tl_current_context = prev_context;
 
+    /* Clear pending callback TLS before releasing context */
+    clear_pending_callback_tls();
+
     enif_free(module_name);
     enif_free(func_name);
 
@@ -2382,6 +2404,7 @@ static ERL_NIF_TERM nif_context_eval(ErlNifEnv *env, int argc, const ERL_NIF_TER
 
             if (suspended == NULL) {
                 tl_pending_callback = false;
+                Py_CLEAR(tl_pending_args);
                 result = make_error(env, "create_suspended_state_failed");
             } else {
                 result = build_suspended_context_result(env, suspended);
@@ -2399,6 +2422,9 @@ static ERL_NIF_TERM nif_context_eval(ErlNifEnv *env, int argc, const ERL_NIF_TER
     tl_allow_suspension = prev_allow_suspension;
     tl_current_context = prev_context;
 
+    /* Clear pending callback TLS before releasing context */
+    clear_pending_callback_tls();
+
     enif_free(code);
 
     /* Release thread state using centralized guard */
@@ -2867,12 +2893,14 @@ static ERL_NIF_TERM nif_context_resume(ErlNifEnv *env, int argc, const ERL_NIF_T
 
                 if (nested == NULL) {
                     tl_pending_callback = false;
+                    Py_CLEAR(tl_pending_args);
                     result = make_error(env, "create_nested_suspended_state_failed");
                 } else {
                     /* Copy accumulated callback results from parent to nested state */
                     if (copy_callback_results_to_nested(nested, state) != 0) {
                         enif_release_resource(nested);
                         tl_pending_callback = false;
+                        Py_CLEAR(tl_pending_args);
                         result = make_error(env, "copy_callback_results_failed");
                     } else {
                         result = build_suspended_context_result(env, nested);
@@ -2921,12 +2949,14 @@ static ERL_NIF_TERM nif_context_resume(ErlNifEnv *env, int argc, const ERL_NIF_T
 
                 if (nested == NULL) {
                     tl_pending_callback = false;
+                    Py_CLEAR(tl_pending_args);
                     result = make_error(env, "create_nested_suspended_state_failed");
                 } else {
                     /* Copy accumulated callback results from parent to nested state */
                     if (copy_callback_results_to_nested(nested, state) != 0) {
                         enif_release_resource(nested);
                         tl_pending_callback = false;
+                        Py_CLEAR(tl_pending_args);
                         result = make_error(env, "copy_callback_results_failed");
                     } else {
                         result = build_suspended_context_result(env, nested);
@@ -2951,6 +2981,9 @@ static ERL_NIF_TERM nif_context_resume(ErlNifEnv *env, int argc, const ERL_NIF_T
     tl_allow_suspension = prev_allow_suspension;
     tl_current_context = prev_context;
 
+    /* Clear pending callback TLS before releasing context */
+    clear_pending_callback_tls();
+
     /* Release thread state using centralized guard */
     py_context_release(&guard);