Description of problem:
I've been writing an experimental static analysis tool to detect bugs commonly occurring within C Python extension modules:
  https://fedorahosted.org/gcc-python-plugin/
  http://gcc-python-plugin.readthedocs.org/en/latest/cpychecker.html
  http://fedoraproject.org/wiki/Features/StaticAnalysisOfPythonRefcounts

I ran the latest version of the tool (in git master; post 0.9) on net-snmp-5.7.1-4.fc17.src.rpm, and it reports various errors. You can see a list of errors here, triaged into categories (from most significant to least significant):
  http://fedorapeople.org/~dmalcolm/gcc-python-plugin/2012-02-18/net-snmp-5.7.1-4.fc17/

I've manually reviewed the issues reported by the tool.

Within the category "Reference leak within initialization", the 1 issue reported looks inconsequential.

Within the category "Segfaults within error-handling paths", the first issue reported:
  netsnmp/client_intf.c:py_netsnmp_attr_set_string:dereferencing NULL (val_obj->ob_refcnt) at netsnmp/client_intf.c:1190
looks like a genuine bug: this could segfault under low-memory conditions (where the call to Py_BuildValue() fails and returns NULL). The other two bugs are similar, but PyInt_FromLong() is unlikely to fail (it will always succeed for the range -5..255); if the numbers are more negative than that, it could segfault in the same way.

Within the category "Returning (PyObject*)NULL without setting an exception", the 1 issue reported looks like a false positive.

There may of course be other bugs in my checker tool.

Hope this is helpful; let me know if you need help reading the logs that the tool generates - I know that it could use some improvement.

Version-Release number of selected component (if applicable):
net-snmp-5.7.1-4.fc17
gcc-python-plugin post-0.9 git 771455b3128b1323e80bdda53939d8d140a84c68 running the checker in an *f16* chroot
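The error-handling shape the report describes (a builder such as Py_BuildValue() returning NULL on allocation failure, followed by a refcount operation that reads ob_refcnt through that NULL pointer), shown as an added example that is not net-snmp's code or the reporter's. It assumes a constructed stand-in for the CPython object header and for Py_BuildValue("s", ...), so it compiles without Python headers; build_string_value, store_attr and the attr_set_string_* functions are hypothetical names.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for the CPython object header: only ob_refcnt matters,
 * because Py_INCREF/Py_DECREF read and write it through the object pointer. */
typedef struct { long ob_refcnt; char *str; } PyObject;
#define Py_INCREF(o) ((o)->ob_refcnt++)   /* reads o->ob_refcnt: crashes if o == NULL */
#define Py_DECREF(o) do { if (--(o)->ob_refcnt == 0) { free((o)->str); free(o); } } while (0)

/* Test hook: when non-zero, the builder fails the way Py_BuildValue() does
 * under low memory (returns NULL; the real API also sets MemoryError). */
int simulate_oom = 0;

/* Stand-in for Py_BuildValue("s", val): a new reference, or NULL on failure. */
PyObject *build_string_value(const char *val) {
    PyObject *o = simulate_oom ? NULL : malloc(sizeof *o);
    if (o == NULL) return NULL;
    size_t n = strlen(val) + 1;
    o->str = malloc(n);
    if (o->str == NULL) { free(o); return NULL; }
    memcpy(o->str, val, n);
    o->ob_refcnt = 1;
    return o;
}

/* Stand-in for storing an attribute: the container takes its own reference. */
static void store_attr(PyObject **slot, PyObject *val_obj) {
    Py_INCREF(val_obj);
    *slot = val_obj;
}

/* Before: the shape cpychecker flags. If build_string_value() returns NULL,
 * store_attr() and the final Py_DECREF dereference val_obj->ob_refcnt. */
void attr_set_string_unchecked(PyObject **slot, const char *val) {
    PyObject *val_obj = build_string_value(val);
    store_attr(slot, val_obj);
    Py_DECREF(val_obj);               /* NULL dereference on the failure path */
}

/* After: check the builder's result before using it and tell the caller the
 * operation failed; the exception set by the builder is left for the caller. */
int attr_set_string_checked(PyObject **slot, const char *val) {
    PyObject *val_obj = build_string_value(val);
    if (val_obj == NULL)
        return -1;                    /* propagate the error, touch nothing */
    store_attr(slot, val_obj);
    Py_DECREF(val_obj);               /* drop the temporary; slot keeps its ref */
    return 0;
}
```

The same check applies to the PyInt_FromLong() cases in the report: the small-int cache makes failure unlikely, but not impossible, so the result still needs testing before any Py_INCREF/Py_DECREF.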
The tool looks nice. I fixed the 3 "Segfaults within error-handling paths" bugs upstream:
  http://net-snmp.git.sourceforge.net/git/gitweb.cgi?p=net-snmp/net-snmp;a=commitdiff;h=9ac375900e4222cf077216492771c0f2cfb93ed8

I am not a Python guy; I just blindly fixed what seemed to be really wrong.

I wonder, in the reports I can see "found 11 similar trace(s) to this"; does it mean there are other bugs somewhere?