[3.13] gh-122527: Fix a crash on deallocation of PyStructSequence (GH-122577) (#122625)

gh-122527: Fix a crash on deallocation of `PyStructSequence` (GH-122577)

The `PyStructSequence` destructor would crash if it was deallocated after
its type's dictionary was cleared by the GC, because it couldn't compute
the "real size" of the instance. This could occur with relatively
straightforward code in the free-threaded build or with a reference
cycle involving the type in the default build, due to differing orders
in which `tp_clear()` was called.

Account for the non-sequence fields in `tp_basicsize` and use that,
along with `Py_SIZE()`, to compute the "real" size of a
`PyStructSequence` in the dealloc function. This avoids the accesses to
the type's dictionary during dealloc, which were unsafe.
(cherry picked from commit 4b63cd170e)

Co-authored-by: Sam Gross <colesbury@gmail.com>

Lib/test/test_structseq.py

@@ -2,8 +2,10 @@
 import os
 import pickle
 import re
+import textwrap
 import time
 import unittest
+from test.support import script_helper
 
 
 class StructSeqTest(unittest.TestCase):
@@ -342,6 +344,17 @@ def test_copy_replace_with_unnamed_fields(self):
         with self.assertRaisesRegex(TypeError, error_message):
             copy.replace(r, st_mode=1, error=2)
 
+    def test_reference_cycle(self):
+        # gh-122527: Check that a structseq that's part of a reference cycle
+        # with its own type doesn't crash. Previously, if the type's dictionary
+        # was cleared first, the structseq instance would crash in the
+        # destructor.
+        script_helper.assert_python_ok("-c", textwrap.dedent(r"""
+            import time
+            t = time.gmtime()
+            type(t).refcyle = t
+        """))
+
 
 if __name__ == "__main__":
     unittest.main()