pythongh-144563: Fix remote debugging with duplicate libpython mappings from ctypes

claude · claude · commit f88816e6bb2a · 2026-02-08T14:11:27.000Z
When _ctypes is imported, it may call dlopen on the libpython shared library, causing the dynamic linker to load a second mapping of the library into the process address space. The remote debugging code iterates memory regions from low addresses upward and returns the first mapping whose filename matches libpython. After _ctypes is imported, it finds the dlopen'd copy first, but that copy's PyRuntime section was never initialized, so reading debug offsets from it fails. Fix this by validating each candidate PyRuntime address before accepting it. The validation reads the first 8 bytes and checks for the "xdebugpy" cookie that is only present in an initialized PyRuntime. Uninitialized duplicate mappings will fail this check and be skipped, allowing the search to continue to the real, initialized PyRuntime. The validation is only applied when searching for the "PyRuntime" section, not for other sections like "AsyncioDebug" which have different layouts. The fix is applied to all three platform-specific search functions: - macOS: search_map_for_section - Linux: search_linux_map_for_section - Windows: search_windows_map_for_section https://claude.ai/code/session_01PAfGNYfkqzWePF2ejbJHNo
diff --git a/Lib/test/test_external_inspection.py b/Lib/test/test_external_inspection.py
@@ -516,6 +516,44 @@ def foo():
             finally:
                 _cleanup_sockets(client_socket, server_socket)
 
+    @skip_if_not_supported
+    @unittest.skipIf(
+        sys.platform == "linux" and not PROCESS_VM_READV_SUPPORTED,
+        "Test only runs on Linux with process_vm_readv support",
+    )
+    def test_self_trace_after_ctypes_import(self):
+        """Test that RemoteUnwinder works on the same process after _ctypes import.
+
+        When _ctypes is imported, it may call dlopen on the libpython shared
+        library, creating a duplicate mapping in the process address space.
+        The remote debugging code must skip these uninitialized duplicate
+        mappings and find the real PyRuntime. See gh-144563.
+        """
+        # Run the test in a subprocess to avoid side effects
+        script = textwrap.dedent("""\
+            import os
+            import _remote_debugging
+
+            # Should work before _ctypes import
+            unwinder = _remote_debugging.RemoteUnwinder(os.getpid())
+
+            import _ctypes
+
+            # Should still work after _ctypes import (gh-144563)
+            unwinder = _remote_debugging.RemoteUnwinder(os.getpid())
+            """)
+
+        result = subprocess.run(
+            [sys.executable, "-c", script],
+            capture_output=True,
+            text=True,
+            timeout=SHORT_TIMEOUT,
+        )
+        self.assertEqual(
+            result.returncode, 0,
+            f"stdout: {result.stdout}\nstderr: {result.stderr}"
+        )
+
     @skip_if_not_supported
     @unittest.skipIf(
         sys.platform == "linux" and not PROCESS_VM_READV_SUPPORTED,
diff --git a/Python/remote_debug.h b/Python/remote_debug.h
@@ -150,6 +150,27 @@ typedef struct {
     Py_ssize_t page_size;
 } proc_handle_t;
 
+// Forward declaration for use in validation function
+static int
+_Py_RemoteDebug_ReadRemoteMemory(proc_handle_t *handle, uintptr_t remote_address, size_t len, void* dst);
+
+// Validate that a candidate PyRuntime address points to an initialized runtime
+// by checking for the "xdebugpy" cookie. A duplicate mapping (e.g. from ctypes
+// dlopen) will have an uninitialized PyRuntime section and fail this check.
+static int
+_Py_RemoteDebug_ValidatePyRuntimeAddress(proc_handle_t *handle, uintptr_t address)
+{
+    if (address == 0) {
+        return 0;
+    }
+    char cookie[8];
+    if (_Py_RemoteDebug_ReadRemoteMemory(handle, address, sizeof(cookie), cookie) != 0) {
+        PyErr_Clear();
+        return 0;
+    }
+    return memcmp(cookie, "xdebugpy", 8) == 0;
+}
+
 static void
 _Py_RemoteDebug_FreePageCache(proc_handle_t *handle)
 {
@@ -562,7 +583,11 @@ search_map_for_section(proc_handle_t *handle, const char* secname, const char* s
             uintptr_t result = search_section_in_file(
                 secname, map_filename, address, size, proc_ref);
             if (result != 0) {
-                return result;
+                if (strcmp(secname, "PyRuntime") != 0
+                    || _Py_RemoteDebug_ValidatePyRuntimeAddress(handle, result))
+                {
+                    return result;
+                }
             }
         }
 
@@ -754,7 +779,12 @@ search_linux_map_for_section(proc_handle_t *handle, const char* secname, const c
         if (strstr(filename, substr)) {
             retval = search_elf_file_for_section(handle, secname, start, path);
             if (retval) {
-                break;
+                if (strcmp(secname, "PyRuntime") != 0
+                    || _Py_RemoteDebug_ValidatePyRuntimeAddress(handle, retval))
+                {
+                    break;
+                }
+                retval = 0;
             }
         }
     }
@@ -882,9 +912,14 @@ search_windows_map_for_section(proc_handle_t* handle, const char* secname, const
     for (BOOL hasModule = Module32FirstW(hProcSnap, &moduleEntry); hasModule; hasModule = Module32NextW(hProcSnap, &moduleEntry)) {
         // Look for either python executable or DLL
         if (wcsstr(moduleEntry.szModule, substr)) {
-            runtime_addr = analyze_pe(moduleEntry.szExePath, moduleEntry.modBaseAddr, secname);
-            if (runtime_addr != NULL) {
-                break;
+            void *candidate = analyze_pe(moduleEntry.szExePath, moduleEntry.modBaseAddr, secname);
+            if (candidate != NULL) {
+                if (strcmp(secname, "PyRuntime") != 0
+                    || _Py_RemoteDebug_ValidatePyRuntimeAddress(handle, (uintptr_t)candidate))
+                {
+                    runtime_addr = candidate;
+                    break;
+                }
             }
         }
     }
