fix(profiling): placement new for all containers post fork

Author: KowalskiThomas

ddtrace/internal/datadog/profiling/stack/echion/echion/echion_sampler.h

@@ -122,13 +122,23 @@ class EchionSampler
         // took its snapshot. Traversing a corrupted list to free nodes would crash.
         frame_cache_.postfork_child();
 
-        // Clear stale entries from parent process.
-        // No lock needed: only one thread exists in child immediately after fork.
-        task_link_map_.clear();
-        weak_task_link_map_.clear();
-        greenlet_info_map_.clear();
-        greenlet_parent_map_.clear();
-        greenlet_thread_map_.clear();
+        // Use placement new for all containers the sampling thread writes to.
+        // The sampling thread may have been mid-operation (insert, erase, rehash)
+        // on any of these when fork() was called. Calling .clear() would traverse
+        // potentially corrupted internal state and crash via _int_free_merge_chunk.
+        // Placement new reconstructs an empty container without reading the old
+        // data at all (intentional one-time memory leak per fork).
+        new (&thread_info_map_) std::unordered_map<uintptr_t, ThreadInfo::Ptr>();
+        new (&task_link_map_) std::unordered_map<PyObject*, PyObject*>();
+        new (&weak_task_link_map_) std::unordered_map<PyObject*, PyObject*>();
+        new (&greenlet_info_map_) std::unordered_map<GreenletInfo::ID, GreenletInfo::Ptr>();
+        new (&greenlet_parent_map_) std::unordered_map<GreenletInfo::ID, GreenletInfo::ID>();
+        new (&greenlet_thread_map_) std::unordered_map<uintptr_t, GreenletInfo::ID>();
+        new (&previous_task_objects_) std::unordered_set<PyObject*>();
+
+        asyncio_frame_cache_key_.reset();
+        uvloop_frame_cache_key_.reset();
+        asyncio_task_count_ = 0;
 
         // Reset the scratch set via placement new instead of clear() for the
         // same fork-safety reason as frame_cache_: the Sampling Thread may have

ddtrace/internal/datadog/profiling/stack/src/sampler.cpp

@@ -497,12 +497,14 @@ Sampler::postfork_child()
     auto current_thread_id = reinterpret_cast<uintptr_t>(pthread_self());
 #endif
 
-    // Extract the current ThreadInfo name if possible. All the other information needs to be updated.
-    auto it = thread_info_map.find(current_thread_id);
-    std::string name = it != thread_info_map.end() ? it->second->name : "MainThread";
 
-    // Clear all entries, we have extracted everything we care about.
-    thread_info_map.clear();
+    // thread_info_map was already reset via placement new in echion->postfork_child()
+    // above, so it is empty here. We cannot safely read the old ThreadInfo name
+    // because the sampling thread may have been mid-operation on the map or on a
+    // ThreadInfo's FrameStack when fork() was called, leaving heap state corrupted.
+    // Default to "MainThread"; the name is cosmetic and will be updated on the next
+    // thread registration cycle.
+    const std::string name = "MainThread";
 
     // After fork, the current thread is the main (and only) thread,
     // so native_id == pid.

ddtrace/internal/datadog/profiling/stack/src/stack_renderer.cpp

@@ -253,8 +253,12 @@ Datadog::StackRenderer::StackRenderer()
 void
 Datadog::StackRenderer::postfork_child()
 {
-    // Clear the caches to avoid using stale interned string/function IDs
-    // from the parent process's dictionary
-    string_id_cache.clear();
-    function_id_cache.clear();
+    // Use placement new instead of .clear() because the sampling thread may
+    // have been mid-rehash on either cache when fork() was called. Traversing
+    // corrupted bucket/node pointers would crash; placement new abandons the
+    // old data safely (intentional one-time memory leak per fork).
+    new (&string_id_cache) std::unordered_map<StringTable::Key, string_id>();
+    new (&function_id_cache)
+      std::unordered_map<internal::PtrPair, function_id, internal::PtrPairHash, internal::PtrPairEq>();
+    sample = nullptr;
 }