[Python-Dev] remaining issues from Klocwork static analysis

Neal Norwitz nnorwitz at gmail.com
Tue Jul 25 07:50:46 CEST 2006


I've fixed most of the problems (or determined they weren't problems) from all the warnings issued by Klocwork's static analysis tool. The following are outstanding issues.

This first group looks like real problems to me:

74 Object/funcobject.c:143 Suspicious deref of ptr before NULL check

#169 Modules/threadmodule.c:497 Memory Leak

28 Modules/_sre.c:987 Array Index Out of Bounds

Buffer overflow, array index of 'mark' may be outside the
bounds. Array 'mark' of size 200 declared at sre.h:77 may use
index values 0..536870911. Also there are 3 similar errors on
lines 1006, 1225, 1237.  (Try limiting mark on line 589?)

#174 Modules/unicodedata.c:432 Array Index Out of Bounds

Buffer overflow, array index of 'decomp_prefix' may be outside the
bounds. Array 'decomp_prefix' of size 18 declared at
unicodedata_db.h:529 may use index values 18..255. Also there is one
similar error on line 433.

36 Modules/cPickle.c:3404 Memory Leak

Memory leak. Dynamic memory stored in 's' allocated through
function 'pystrndup' at line 3384 is lost at line 3404.

s should not be freed on line 3407, but earlier.
PDATA_PUSH can return on error and s will not be freed.

61 Modules/_sqlite/cursor.c:599 Null pointer may be dereferenced

Null pointer 'self->statement' that comes from line 674 may be
dereferenced by passing argument 1 to function
'statement_mark_dirty' at line 599.

Most of these seem suspect. I'm not so sure about them, but I haven't looked into some at all. Let me know if you want the details for any of these or if you can provide an analysis to demonstrate they are incorrect.

Null pointer may be dereferenced Python/ast.c:641
Null pointer may be dereferenced Python/ast.c:656
Ptr will be derefed after it was positively checked for NULL Python/compile.c:3020
Null pointer may be passed to function that may dereference it Python/compile.c:4459
Array Index Out of Bounds Modules/_sre.c:987
Array Index Out of Bounds Object/longobject.c:1787
Array Index Out of Bounds Object/longobject.c:2475
Array Index Out of Bounds Python/sysmodule.c:1016

Array Index Out of Bounds Python/getpath.c:285
Buffer Overflow - Non-null Terminated String Python/getpath.c:432
Unvalidated User Input Buffer Overflow-Non-Null Terminated String Python/getpath.c:431
Unvalidated User Input Buffer Overflow-Non-Null Terminated String Python/getpath.c:496
Unvalidated User Input Buffer Overflow-Non-Null Terminated String Python/getpath.c:497

Let me know if you want more info about any particular report. It would be great to have some help and fix these.

n
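
The cPickle report in the message above (a buffer freed only after PDATA_PUSH, which can return on error), reduced to a self-contained model. This is an added example, not part of the original message and not CPython source; `STACK_PUSH`, `dup_tracked`, `free_tracked`, `load_leaky`, `load_fixed` and `leaked_after` are hypothetical names.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed model, not CPython source. live_allocs counts unfreed buffers. */
static int live_allocs = 0;
static char *dup_tracked(const char *src) {
    char *p = malloc(strlen(src) + 1);
    if (p != NULL) { strcpy(p, src); live_allocs++; }
    return p;
}
static void free_tracked(char *p) { free(p); live_allocs--; }
struct stack { size_t len, cap; size_t items[4]; };  /* cap must be <= 4 */
/* Hypothetical stand-in for a push macro that returns from the caller on error. */
#define STACK_PUSH(st, v, err) do {                   \
        if ((st)->len >= (st)->cap) return (err);     \
        (st)->items[(st)->len++] = (v);               \
    } while (0)

/* Leaky shape: the temporary is released only after the macro. */
static int load_leaky(struct stack *st, const char *line) {
    char *s = dup_tracked(line);
    if (s == NULL) return -1;
    size_t value = strlen(s);   /* stands in for building an object from s */
    STACK_PUSH(st, value, -1);  /* hidden return on error skips the free below */
    free_tracked(s);
    return 0;
}

/* Fixed shape: release the temporary before anything that can return early. */
static int load_fixed(struct stack *st, const char *line) {
    char *s = dup_tracked(line);
    if (s == NULL) return -1;
    size_t value = strlen(s);
    free_tracked(s);
    STACK_PUSH(st, value, -1);
    return 0;
}
/* Runs one loader on a stack of the given capacity; returns buffers left unfreed. */
static int leaked_after(int (*loader)(struct stack *, const char *), size_t cap) {
    struct stack st = { 0, cap, {0} };
    live_allocs = 0;
    loader(&st, "abc");
    return live_allocs;
}
int main(void) {
    printf("leaky: %d, fixed: %d\n", leaked_after(load_leaky, 0), leaked_after(load_fixed, 0));
    return 0;
}
```

A capacity of 0 forces the push to fail, which is the only path on which the two loaders differ.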


