Red Hat Bugzilla – Full Text Bug Listing
|Summary:||Memory leaks and crasher in sphinx3_get_hypothesis found in cmusphinx3-0.8-10.fc17 using gcc-with-cpychecker static analyzer|
|Product:||[Fedora] Fedora||Reporter:||Dave Malcolm <dmalcolm>|
|Component:||cmusphinx3||Assignee:||Jerry James <loganjerry>|
|Status:||CLOSED ERRATA||QA Contact:||Fedora Extras Quality Assurance <extras-qa>|
|Fixed In Version:||cmusphinx3-0.8-11.fc17||Doc Type:||Bug Fix|
|Doc Text:||Story Points:||---|
|Last Closed:||2012-02-28 05:58:48 EST||Type:||---|
|oVirt Team:||---||RHEL 7.3 requirements from Atomic Host:|
|Bug Depends On:|
Description Dave Malcolm 2012-02-16 11:22:04 EST
Description of problem: I've been writing an experimental static analysis tool to detect bugs commonly occurring within C Python extension modules: https://fedorahosted.org/gcc-python-plugin/ http://gcc-python-plugin.readthedocs.org/en/latest/cpychecker.html http://fedoraproject.org/wiki/Features/StaticAnalysisOfPythonRefcounts I ran the latest version of the tool (in git master; post 0.9) on cmusphinx3-0.8-10.fc17.src.rpm, and it reports various errors. You can see a list of errors here, triaged into categories (from most significant to least significant): http://fedorapeople.org/~dmalcolm/gcc-python-plugin/2012-02-16/cmusphinx3-0.8-10.fc17/ The two reported reference leaks appear to be genuine bugs: in this code: 231 return Py_BuildValue("(OO)", hypstr_obj, hypseg_obj); both hypstr_obj and hypseg_obj are references owned by the function. The "O" format codes to Py_BuildValue build the 2-tuple by adding additional references. It should instead use the "N" format code to transfer ownership of the owned references to the new tuple. See: http://docs.python.org/c-api/arg.html#Py_BuildValue The reported "Segfaults within error-handling paths" appears to also be a genuine bug: there isn't any checking for the possibility that this call: 206 hypseg_obj = PyTuple_New(nhyps); fails (e.g. under low-memory conditions), returning NULL, and this pointer is then written through at: 228 PyTuple_SET_ITEM(hypseg_obj, i, seg_obj); There may of course be other bugs in my checker tool. Hope this is helpful; let me know if you need help reading the logs that the tool generates - I know that it could use some improvement. Version-Release number of selected component (if applicable): cmusphinx3-0.8-10.fc17 gcc-python-plugin post-0.9 git 073d390de53ef52136bd90e5ac06f1ef833d047d running the checker in an *f16* chroot
Comment 1 Jerry James 2012-02-16 11:33:53 EST
Ah, very cool. I'm a big fan of static analysis tools myself. I'll forward your report upstream and work with them to fix these bugs. Thanks!
Comment 2 Jerry James 2012-02-17 13:28:40 EST
A patch to fix both issues was accepted upstream. I'll apply the patch and rebuild. Thanks again.
Comment 3 Fedora Update System 2012-02-17 15:36:57 EST
cmusphinx3-0.8-11.fc17 has been submitted as an update for Fedora 17. https://admin.fedoraproject.org/updates/cmusphinx3-0.8-11.fc17
Comment 4 Fedora Update System 2012-02-17 21:24:56 EST
Package cmusphinx3-0.8-11.fc17: * should fix your issue, * was pushed to the Fedora 17 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing cmusphinx3-0.8-11.fc17' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2012-1945/cmusphinx3-0.8-11.fc17 then log in and leave karma (feedback).
Comment 5 Fedora Update System 2012-02-28 05:58:48 EST
cmusphinx3-0.8-11.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.