_sqlite3 C module: sqlite3_shutdown is not safe to call with sub-interpreters #140042
Description
Bug report
Bug description:
The _sqlite3 module is marked as safe for sub-interpreters which means the module initialization function gets run in each.
#87671 updated the module init to explicitly call sqlite3_initialize and if the any the CPython level stuff fails, it calls sqlite3_shutdown on error.
That means this flow can happen in the same process:
- Module load in interpreter 1
* Calls sqlite3_initialize
* Opens connections, does work, all is good - Module load in interpreter 2
* Calls sqlite3_initialize
* Python things fail
* Error handling calls sqlite3_shutdown
The sqlite3_shutdown call will free all SQLite allocated memory leaving all the pointers in interpreter 1 pointing to now freed memory, leading to crashes etc.
The documentation is rather confusing, but examining the code for sqlite3_shutdown is clear. See discussion on SQLite forum.
My recommendation is to remove the call to sqlite3_shutdown. SQLite default configuration is to auto-initialize which means all the internal code calls sqlite3_initialize. The unitialized state is where you can do some configuration with sqlite3_config but that isn't exposed by the module and would have to be done by some other means (ctypes?).
CPython versions tested on:
CPython main branch
Operating systems tested on:
No response