Double-free in Argument Clinic `str_converter` generated code · Issue #99240 · python/cpython · GitHub

@colorfulappl

Description

Argument Clinic's str_converter generates code like this when encoding is set
(see the function test_str_converter_encoding in the file Lib/test/clinic.test):

    /* -- snip -- */
    if (!_PyArg_ParseStack(args, nargs, "esesetes#et#:test_str_converter_encoding",
        "idna", &a, "idna", &b, "idna", &c, "idna", &d, &d_length, "idna", &e, &e_length)) {
        goto exit;
    }
    return_value = test_str_converter_encoding_impl(module, a, b, c, d, d_length, e, e_length);

exit:
    /* Cleanup for a */
    if (a) {
       PyMem_FREE(a);
    }
    /* Cleanup for b */
    if (b) {
       PyMem_FREE(b);
    }
    /* Cleanup for c */
    if (c) {
       PyMem_FREE(c);
    }
    /* -- snip -- */

If parsing a succeeds, a is assigned the address of a newly allocated block of memory.
After that, if parsing b fails, the memory that a points to is freed by the function _PyArg_ParseStack,
which then returns 0, and control flow goes to the label "exit".
At this point a is not NULL, so the memory it points to is freed again, which causes a double free and a runtime crash.

This bug was found in #96178 "Argument Clinic functional test".
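The failure path described above, modelled as an added C example (not CPython code): a small tracking allocator stands in for PyMem_FREE so the second free is counted instead of crashing, `parse_args` stands in for the "es"/"et" handling of `_PyArg_ParseStack`, and a hypothetical `null_on_free` knob shows how resetting the caller's pointer at the moment the parser frees the buffer makes the generated `if (a)` cleanup safe. All function names here are illustrative.

```c
#include <stdlib.h>
#include <string.h>
/* Added illustration, not CPython code: a tracking allocator that counts a second
 * free of the same block instead of crashing, so the double free is observable. */
#define MAX_TRACKED 8
static void *tracked[MAX_TRACKED];
static int freed[MAX_TRACKED], double_free_count;
static void *tracked_alloc(size_t n) {
    for (int i = 0; i < MAX_TRACKED; i++)
        if (tracked[i] == NULL)
            return tracked[i] = malloc(n);
    return NULL;
}
static void tracked_free(void *p) {
    for (int i = 0; i < MAX_TRACKED; i++)
        if (tracked[i] == p) {
            if (freed[i]) { double_free_count++; return; } /* real free() would be UB here */
            freed[i] = 1;
            free(p);
            return;
        }
}

/* Models the "es"/"et" path of _PyArg_ParseStack: each converted argument gets a
 * heap buffer; if argument fail_at cannot be converted, buffers produced so far are
 * released. null_on_free is a hypothetical knob: when set, the parser also resets
 * the caller's pointer to NULL as it frees, so the caller's "if (a)" stays safe. */
static int parse_args(char **out, int nargs, int fail_at, int null_on_free) {
    for (int i = 0; i < nargs; i++) {
        if (i == fail_at) {
            for (int j = 0; j < i; j++) {
                tracked_free(out[j]);
                if (null_on_free) out[j] = NULL;
            }
            return 0;
        }
        out[i] = tracked_alloc(16);
    }
    return 1;
}
/* Models the generated caller: control reaches "exit:" on every path and frees each
 * non-NULL pointer. fail_at < 0 means all arguments parse. Returns double frees seen. */
static int run_scenario(int fail_at, int null_on_free) {
    char *bufs[3] = { NULL, NULL, NULL };
    memset(tracked, 0, sizeof tracked); memset(freed, 0, sizeof freed);
    double_free_count = 0;
    parse_args(bufs, 3, fail_at, null_on_free);
    for (int i = 0; i < 3; i++)
        if (bufs[i]) tracked_free(bufs[i]);
    return double_free_count;
}
```

With `null_on_free` off, failing on the second argument reproduces exactly one double free (a), and failing on the third reproduces two (a and b); with it on, the same inputs produce none.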
