Issue 36291: [2.7] Coverity Scan: Modules/_json.c: leaked_storage: Variable "numstr" going out of scope leaks the storage it points to. (original) (raw)

Issue36291

Created on 2019-03-14 14:50 by cstratak, last changed 2022-04-11 14:59 by admin. This issue is now closed.

Pull Requests
URL Status Linked Edit
PR 12330 merged cstratak,2019-03-14 15:00
Messages (4)
msg337927 - (view) Author: Charalampos Stratakis (cstratak) * Date: 2019-03-14 14:50
Coverity reports a leak within the json module: Error: RESOURCE_LEAK (CWE-772): [#def26] Python-2.7.15/Modules/_json.c:1367: alloc_fn: Storage is returned from allocation function "PyString_FromStringAndSize". Python-2.7.15/Objects/stringobject.c:88:5: alloc_fn: Storage is returned from allocation function "PyObject_Malloc". Python-2.7.15/Objects/obmalloc.c:982:5: alloc_fn: Storage is returned from allocation function "malloc". Python-2.7.15/Objects/obmalloc.c:982:5: return_alloc_fn: Directly returning storage allocated by "malloc". Python-2.7.15/Objects/stringobject.c:88:5: var_assign: Assigning: "op" = "PyObject_Malloc(37UL + size)". Python-2.7.15/Objects/stringobject.c:111:5: return_alloc: Returning allocated memory "op". Python-2.7.15/Modules/_json.c:1367: var_assign: Assigning: "numstr" = storage returned from "PyString_FromStringAndSize(&str[start], idx - start)". Python-2.7.15/Modules/_json.c:1379: leaked_storage: Variable "numstr" going out of scope leaks the storage it points to. 1377| NULL, NULL); 1378 if (d == -1.0 && PyErr_Occurred()) 1379 -> return NULL; 1380
msg337934 - (view) Author: STINNER Victor (vstinner) * (Python committer) Date: 2019-03-14 15:17
Note for myself: Python 3 isn't affected by this issue. The issue in Python 2 is in the _match_number_str() function which doesn't exist in Python 3. In Python 3, _parse_object_unicode() uses a very different code: it calls PyFloat_FromString() or PyLong_FromString() for numstr.
msg337935 - (view) Author: STINNER Victor (vstinner) * (Python committer) Date: 2019-03-14 15:23
New changeset fb3336acfde3204fd01ce519ef24cc18a94dfa3f by Victor Stinner (stratakis) in branch '2.7': [2.7] bpo-36291: Fix a possible reference leak in the json module (GH-12330) https://github.com/python/cpython/commit/fb3336acfde3204fd01ce519ef24cc18a94dfa3f
msg337936 - (view) Author: STINNER Victor (vstinner) * (Python committer) Date: 2019-03-14 15:23
Thanks Charalampos, I merged your PR.
History
Date User Action Args
2022-04-11 14:59:12 admin set github: 80472
2019-03-15 21:10:27 matrixise set assignee: matrixise ->
2019-03-14 15:23:42 vstinner set status: open -> closedresolution: fixedmessages: + stage: patch review -> resolved
2019-03-14 15:23:07 vstinner set messages: +
2019-03-14 15:17:50 vstinner set nosy: + vstinnermessages: +
2019-03-14 15:00:17 cstratak set keywords: + patchstage: patch reviewpull_requests: + <pull%5Frequest12301>
2019-03-14 14:58:51 mdk set assignee: matrixisenosy: + matrixise
2019-03-14 14:50:44 cstratak create