Bug 800116

Summary: Bugs found in pyhunspell-0.1-6.fc17 using gcc-with-cpychecker static analyzer
Product: [Fedora] Fedora
Component: pyhunspell
Version: rawhide
Hardware: Unspecified
OS: Unspecified
Status: CLOSED ERRATA
Severity: unspecified
Priority: unspecified
Reporter: Dave Malcolm <dmalcolm>
Assignee: Mike FABIAN <mfabian>
QA Contact: Fedora Extras Quality Assurance <extras-qa>
CC: mfabian, opensource
Keywords: Reopened
URL: http://fedorapeople.org/~dmalcolm/gcc-python-plugin/2012-03-05/pyhunspell-0.1-6.fc17/
Fixed In Version: pyhunspell-0.3.3-1.fc23
Doc Type: Bug Fix
Last Closed: 2016-02-03 15:51:43 EST
Bug Blocks: 789472

Description Dave Malcolm 2012-03-05 14:13:46 EST
Description of problem:
I've been writing an experimental static analysis tool to detect bugs commonly occurring within C Python extension modules:
  https://fedorahosted.org/gcc-python-plugin/
  http://gcc-python-plugin.readthedocs.org/en/latest/cpychecker.html
  http://fedoraproject.org/wiki/Features/StaticAnalysisOfPythonRefcounts

I ran the latest version of the tool (in git master; post 0.9) on
pyhunspell-0.1-6.fc17.src.rpm, and it reports various errors.

You can see a list of errors here, triaged into categories (from most significant to least significant):
http://fedorapeople.org/~dmalcolm/gcc-python-plugin/2012-03-05/pyhunspell-0.1-6.fc17/

I've manually reviewed the issues reported by the tool.

Within the category "Reference leaks" the 4 issues reported appear to be genuine memory leaks, each of the form:
   PyList_Append(list, Py_BuildValue())
When Py_BuildValue() succeeds it returns a new reference, but PyList_Append doesn't steal that reference, it adds a new reference.  Hence this leaks a reference to the built value, and it becomes "immortal" for the rest of the lifetime of the process.

Within the category "Segfaults within error-handling paths" the 4 issues reported are for the same code as the above, considering the case where the PyList_New() call fails (e.g. due to out of memory): it will return NULL, and then the PyList_Append(NULL, item) call will segfault.  Note that the Py_BuildValue() and PyList_Append calls could also fail.

Suggested fix is to add an intermediate value, changing the calls to:

    slist_list = PyList_New(0);
    if (!slist_list) {
        return NULL;
    }

within the loop:
    PyObject *item; 
    item = Py_BuildValue(etc);
    if (!item) {
        Py_DECREF(slist_list);
        return NULL;
    }
    if (-1 == PyList_Append(slist_list, item)) {
        Py_DECREF(slist_list);
        Py_DECREF(item);
        return NULL;
    }
    Py_DECREF(item);

or similar.

There may of course be other bugs in my checker tool.

Hope this is helpful; let me know if you need help reading the logs that the tool generates - I know that it could use some improvement.

Version-Release number of selected component (if applicable):
pyhunspell-0.1-6.fc17
gcc-python-plugin post-0.9 git 11462291a66c8db693c8884cb84b795bb5988ffb running the checker in an *f16* chroot
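The reference-count behaviour described in this report can be measured at runtime. The following is an added example, not code from the report or from pyhunspell: it calls the CPython C API through ctypes and uses PyUnicode_FromString as a stand-in for Py_BuildValue (both return a new reference); build_list, refcount and SAMPLE_WORDS are names made up for illustration.

```python
import ctypes
import sys

api = ctypes.pythonapi
# The item is handled as a raw pointer so ctypes does not manage its
# reference count for us; this is the view the C extension code has.
api.PyUnicode_FromString.restype = ctypes.c_void_p
api.PyUnicode_FromString.argtypes = [ctypes.c_char_p]
api.PyList_Append.restype = ctypes.c_int
api.PyList_Append.argtypes = [ctypes.py_object, ctypes.c_void_p]
api.Py_DecRef.restype = None
api.Py_DecRef.argtypes = [ctypes.c_void_p]

SAMPLE_WORDS = [b"hello", b"help", b"held"]  # constructed sample input


def refcount(ptr):
    """Reference count as seen through a temporary Python reference."""
    return sys.getrefcount(ctypes.cast(ptr, ctypes.py_object).value)


def build_list(words, release_item):
    """Append new references to a list; return (list, unowned references)."""
    result, unowned = [], 0
    for word in words:
        ptr = api.PyUnicode_FromString(word)   # new reference, owned by us
        if not ptr:
            raise MemoryError("item allocation failed")
        before = refcount(ptr)
        try:
            api.PyList_Append(result, ptr)     # list takes its OWN reference
        except Exception:
            api.Py_DecRef(ptr)                 # error path: drop ours too
            raise
        if release_item:
            api.Py_DecRef(ptr)                 # the fix: give up our reference
        # The list is still alive, so ptr is valid to inspect in both cases.
        unowned += refcount(ptr) - before
    return result, unowned


if __name__ == "__main__":
    print("leaky pattern:", build_list(SAMPLE_WORDS, release_item=False)[1])
    print("fixed pattern:", build_list(SAMPLE_WORDS, release_item=True)[1])
```

Each unowned reference is one the caller has forgotten the pointer to, so the object can never be freed even after the list itself is destroyed.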
Comment 1 Till Maas 2012-03-21 14:02:48 EDT
Can you maybe discuss this with upstream?
http://code.google.com/p/pyhunspell/issues/list
Comment 2 Dave Malcolm 2012-03-21 14:54:29 EDT
(In reply to comment #1)
> Can you maybe discuss this with upstream?
> http://code.google.com/p/pyhunspell/issues/list
Thanks; I've filed this upstream as
  http://code.google.com/p/pyhunspell/issues/detail?id=4
Comment 3 Fedora Admin XMLRPC Client 2013-01-10 01:37:16 EST
This package has changed ownership in the Fedora Package Database.  Reassigning to the new owner of this component.
Comment 4 Fedora Update System 2013-01-11 10:49:17 EST
pyhunspell-0.1-9.fc18 has been submitted as an update for Fedora 18.
https://admin.fedoraproject.org/updates/pyhunspell-0.1-9.fc18
Comment 5 Fedora Update System 2013-01-12 10:06:41 EST
Package pyhunspell-0.1-9.fc18:
* should fix your issue,
* was pushed to the Fedora 18 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing pyhunspell-0.1-9.fc18'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2013-0639/pyhunspell-0.1-9.fc18
then log in and leave karma (feedback).
Comment 6 Fedora Update System 2013-01-23 11:12:31 EST
pyhunspell-0.1-9.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 7 Fedora Update System 2015-12-22 08:34:05 EST
pyhunspell-0.3.3-1.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2015-f005f839a8
Comment 8 Fedora Update System 2015-12-22 19:10:06 EST
pyhunspell-0.3.3-1.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-f005f839a8
Comment 9 Fedora Update System 2016-02-03 15:51:41 EST
pyhunspell-0.3.3-1.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.