[Bug 800085] New: Memory leaks found in py-radix-0.5-9.fc17 using
gcc-with-cpychecker static analyzer
bugzilla@redhat.com [bugzilla@redhat.com]
Sent: Monday, March 05, 2012 11:40 AM
Summary: Memory leaks found in py-radix-0.5-9.fc17 using gcc-with-cpychecker
static analyzer
https://bugzilla.redhat.com/show_bug.cgi?id=800085
Summary: Memory leaks found in py-radix-0.5-9.fc17 using
gcc-with-cpychecker static analyzer
Product: Fedora
Version: rawhide
Platform: Unspecified
URL: http://fedorapeople.org/~dmalcolm/gcc-python-plugin/20
12-03-05/py-radix-0.5-9.fc17/
OS/Version: Unspecified
Status: NEW
Severity: unspecified
Priority: unspecified
Component: py-radix
AssignedTo: matt_domsch@dell.com
ReportedBy: dmalcolm@redhat.com
QAContact: extras-qa@fedoraproject.org
CC: matt_domsch@dell.com
Blocks: 789472
Estimated Hours: 0.0
Classification: Fedora
Story Points: ---
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Description of problem:
I've been writing an experimental static analysis tool to detect bugs commonly
occurring within C Python extension modules:
https://fedorahosted.org/gcc-python-plugin/
http://gcc-python-plugin.readthedocs.org/en/latest/cpychecker.html
http://fedoraproject.org/wiki/Features/StaticAnalysisOfPythonRefcounts
I ran the latest version of the tool (in git master; post 0.9) on
py-radix-0.5-9.fc17.src.rpm, and it reports various errors.
You can see a list of errors here, triaged into categories (from most
significant to least significant):
http://fedorapeople.org/~dmalcolm/gcc-python-plugin/2012-03-05/py-radix-0.5-9.fc
17/
I've manually reviewed the issues reported by the tool.
Within the category "Reference leaks" the 2 issues reported appear to reflect
genuine memory leaks within the code:
PyList_Append adds a new reference to the item passed it, it doesn't steal a
reference, hence:
PyList_Append(list, Py_BuildValue())
will leak a reference to the built value.
Also, Py_BuildValue("O") adds a new reference for the result to the input
object, rather than stealing one. The subsequent Py_INCREF on the inputs is
thus erroneous. (also Py_BuildValue("(OO)" could fail if the 2-tuple can't be
allocated when under low memory conditions).
Within the category "Reference count too low within an initialization routine"
the 1 issue reported is inconsequential.
Within the category "Possible reference leaks" the 1 issue reported may or may
not be a bug, depending on whether radix_getstate() returns a borrowed
reference or a new one. The Py_INCREF following a Py_BuildValue("O") looks
incorrect also.
Within the category "Returning (PyObject*)NULL without setting an exception"
the 3 issues reported may well be false positives: the checker doesn't know
whether or now args_to_prefix sets an exception when it returns NULL.
There may of course be other bugs in my checker tool.
Hope this is helpful; let me know if you need help reading the logs that the
tool generates - I know that it could use some improvement.
Version-Release number of selected component (if applicable):
py-radix-0.5-9.fc17
gcc-python-plugin post-0.9 git 11462291a66c8db693c8884cb84b795bb5988ffb running
the checker in an *f16* chroot
Original issue reported on code.google.com by mdom...@gmail.com on 6 Mar 2012 at 5:11
Original issue reported on code.google.com by
mdom...@gmail.com
on 6 Mar 2012 at 5:11