Bug 800154

Summary: Bugs found in python-iwlib-1.1-2.fc17 using gcc-with-cpychecker static analyzer
Product: [Fedora] Fedora Reporter: Dave Malcolm <dmalcolm>
Component: python-iwlibAssignee: Jiri Popelka <jpopelka>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: rawhideCC: jpopelka
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
URL: http://fedorapeople.org/~dmalcolm/gcc-python-plugin/2012-03-05/python-iwlib-1.1-2.fc17/
Whiteboard:
Fixed In Version: python-iwlib-1.2-1.fc17 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-04-18 18:56:29 EDT Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Bug Depends On:    
Bug Blocks: 789472    

Description Dave Malcolm 2012-03-05 15:59:31 EST
Description of problem:
I've been writing an experimental static analysis tool to detect bugs commonly occurring within C Python extension modules:
  https://fedorahosted.org/gcc-python-plugin/
  http://gcc-python-plugin.readthedocs.org/en/latest/cpychecker.html
  http://fedoraproject.org/wiki/Features/StaticAnalysisOfPythonRefcounts

I ran the latest version of the tool (in git master; post 0.9) on
python-iwlib-1.1-2.fc17.src.rpm, and it reports various errors.

You can see a list of errors here, triaged into categories (from most significant to least significant):
http://fedorapeople.org/~dmalcolm/gcc-python-plugin/2012-03-05/python-iwlib-1.1-2.fc17/

I've manually reviewed the issues reported by the tool; all of them appear to relate to code of this form:

   PyDict_SetItem(dict,
                  PyString_FromString("some_key"),
                  PyString_FromString(buffer));

This will leak references: PyDict_SetItem() adds new references to the key and the value, it doesn't steal references to the inputs.

Also, PyString_FromString() can fail under low memory conditions, returning NULL, and PyDict_SetItem(dict, NULL, ...) or PyDict_SetItem(dict, ..., NULL) will segfault.

(the use of PyDict_SetItemString() would simplify this code, removing two sets of errors).

There may of course be other bugs in my checker tool.

Hope this is helpful; let me know if you need help reading the logs that the tool generates - I know that it could use some improvement.

Version-Release number of selected component (if applicable):
python-iwlib-1.1-2.fc17
gcc-python-plugin post-0.9 git 11462291a66c8db693c8884cb84b795bb5988ffb running the checker in an *f16* chroot
Comment 1 Jiri Popelka 2012-03-06 06:30:11 EST
(In reply to comment #0)
> (the use of PyDict_SetItemString() would simplify this code, removing two sets
> of errors).

Would this be sufficient ?
http://git.fedorahosted.org/git/?p=python-iwlib.git;a=commitdiff;h=0e99906e924940819faea5e758d638816c4b3b42
Comment 2 Fedora Update System 2012-03-29 07:08:06 EDT
python-iwlib-1.2-1.fc17 has been submitted as an update for Fedora 17.
https://admin.fedoraproject.org/updates/python-iwlib-1.2-1.fc17
Comment 3 Fedora Update System 2012-03-29 23:00:16 EDT
Package python-iwlib-1.2-1.fc17:
* should fix your issue,
* was pushed to the Fedora 17 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing python-iwlib-1.2-1.fc17'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2012-4887/python-iwlib-1.2-1.fc17
then log in and leave karma (feedback).
Comment 4 Fedora Update System 2012-04-18 18:56:29 EDT
python-iwlib-1.2-1.fc17 has been pushed to the Fedora 17 stable repository.  If problems still persist, please make note of it in this bug report.