gh-146452: Fix pickle segfault when pickling dict with concurrent mutation

[overlorde]

batch_dict_exact() in _pickle.c iterates dict items using PyDict_Next() which returns borrowed references. Without a critical section, a concurrent dict mutation can invalidate the borrowed reference before Py_INCREF, causing a segfault.

The fix wraps PyDict_Next() + Py_INCREF in Py_BEGIN_CRITICAL_SECTION(obj) to prevent the dict from being mutated while converting borrowed refs to owned refs. Same approach as the existing set iteration path in the same file (line 3656).

Crashes on both 3.14t (stock install) and main (with ASan). Reproducer in the linked issue.

• Existing test_pickle passes (1000 tests, no regressions)
• Added test_free_threading/test_pickle.py that segfaults without the fix and passes with it

• Issue: Segfault in _pickle.c:batch_dict_exact when pickling dict with concurrent mutation (free-threading) #146452

[overlorde]

The set has a better way of doing this, should we go that way?

[vstinner]

The critical section should be on the outer loop, not just on a single call according to the PyDict_Next() documentation:

      Py_BEGIN_CRITICAL_SECTION(self->dict);
      while (PyDict_Next(self->dict, &pos, &key, &value)) {
          ...
      }
      Py_END_CRITICAL_SECTION();

[overlorde]

@vstinner thanks, there are two ways to do this, either go with the current go-to for wrapping up with the critical section, or make a new batch_dict_impl then wrap it with criticial_section_begin or critical_section_end inside the batch_dict. Tradeoff is adding an extra function, but way cleaner than the go-to approach because of its multiple layers of condition check based returns. I'm making a modification to my PR in a while.

[vstinner]

Please avoid git push --force since it makes reviews harder to follow in GitHub.

[overlorde]

Admitting the mistake. should i open a new pr again or work on it? i couldn't catch the UBsan failure locally. but another run fixed it on remote.