src/impl_: use trampoline in pyo3_module_state_init

bazaah · bazaah · commit 9ccfc084d0d4 · 2025-11-20T11:54:20.000Z
So we can return a real error if our state ptr is null. The upstream cpython builtins just assert non-null, so this is probably fine References: https://github.com/python/cpython/blob/v3.13.0/Modules/_sqlite/module.h#L80-L81 References: https://github.com/python/cpython/blob/v3.13.0/Modules/_io/_iomodule.h#L172-L173 References: https://github.com/python/cpython/blob/v3.13.0/Modules/_blake2/blake2module.c#L33-L34
diff --git a/src/impl_/pymodule.rs b/src/impl_/pymodule.rs
@@ -25,6 +25,7 @@ use std::sync::atomic::{AtomicI64, Ordering};
 
 #[cfg(not(any(PyPy, GraalPy)))]
 use crate::exceptions::PyImportError;
+use crate::impl_::trampoline::trampoline;
 use crate::prelude::PyTypeMethods;
 use crate::{
     ffi,
@@ -319,20 +320,20 @@ impl PyAddToModule for ModuleDef {
 /// [`Py_mod_exec`]: https://docs.python.org/3/c-api/module.html#c.Py_mod_exec
 pub unsafe extern "C" fn pyo3_module_state_init(module: *mut ffi::PyObject) -> c_int {
     unsafe {
-        let state: *mut MaybeUninit<ModuleState> = ffi::PyModule_GetState(module).cast();
+        trampoline(|_| {
+            let state: *mut MaybeUninit<ModuleState> = ffi::PyModule_GetState(module).cast();
 
-        if state.is_null() {
-            // TODO: Not sure what to do here... but it means m_size was <= 0
-            // so we have no memory space to write into...
-            //
-            // Set a PyErr and return -1?
-            return 0;
-        }
+            // CPython builtins just assert this, but cross ffi panics are tricky, so we return an
+            // error instead
+            if state.is_null() {
+                return Err(PyImportError::new_err("PyO3 per-module state was null. This is a bug in the Python interpreter runtime."));
+            }
 
-        (*state).write(ModuleState::new());
-    }
+            (*state).write(ModuleState::new());
 
-    0
+            Ok(0)
+        })
+    }
 }
 
 /// Called during deallocation of the module object.
