[Python-Dev] remaining issues from Klocwork static analysis

Neal Norwitz nnorwitz at gmail.com
Tue Jul 25 07:50:46 CEST 2006


I've fixed most of the problems (or determined they weren't problems)
from all the warnings issued by Klocwork's static analysis tool.  The
following are outstanding issues.

This first group looks like real problems to me:

# 74 Object/funcobject.c:143    Suspicious deref of ptr before NULL check
#169 Modules/threadmodule.c:497 Memory Leak

# 28 Modules/_sre.c:987   Array Index Out of Bounds

    Buffer overflow, array index of 'mark' may be outside the
    bounds. Array 'mark' of size 200 declared at sre.h:77 may use
    index values 0..536870911. Also there are 3 similar errors on
    lines 1006, 1225, 1237.  (Try limiting mark on line 589?)

#174 Modules/unicodedata.c:432   Array Index Out of Bounds

    Buffer overflow, array index of 'decomp_prefix' may be outside the
    bounds. Array 'decomp_prefix' of size 18 declared at
    unicodedata_db.h:529 may use index values 18..255. Also there is one
    similar error on line 433.

# 36 Modules/cPickle.c:3404   Memory Leak

    Memory leak. Dynamic memory stored in 's' allocated through
    function 'pystrndup' at line 3384 is lost at line 3404.

    s should not be freed on line 3407, but earlier.
    PDATA_PUSH can return on error and s will not be freed.

# 61 Modules/_sqlite/cursor.c:599  Null pointer may be dereferenced

    Null pointer 'self->statement' that comes from line 674 may be
    dereferenced by passing argument 1 to function
    'statement_mark_dirty' at line 599.

Most of these seem suspect.  I'm not so sure about them, but I haven't
looked into some at all.  Let me know if you want the details for any
of these or if you can provide an analysis to demonstrate they are
incorrect.

Null pointer may be dereferenced	Python/ast.c:641
Null pointer may be dereferenced	Python/ast.c:656
Ptr will be derefed after it was positively checked for NULL	Python/compile.c:3020
Null pointer may be passed to function that may dereference it	Python/compile.c:4459
Array Index Out of Bounds	Modules/_sre.c:987
Array Index Out of Bounds	Object/longobject.c:1787
Array Index Out of Bounds	Object/longobject.c:2475
Array Index Out of Bounds	Python/sysmodule.c:1016

Array Index Out of Bounds	Python/getpath.c:285
Buffer Overflow - Non-null Terminated String	Python/getpath.c:432
Unvalidated User Input Buffer Overflow-Non-Null Terminated String	Python/getpath.c:431
Unvalidated User Input Buffer Overflow-Non-Null Terminated String	Python/getpath.c:496
Unvalidated User Input Buffer Overflow-Non-Null Terminated String	Python/getpath.c:497

Let me know if you want more info about any particular report.  It
would be great to have some help and fix these.

n
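
Added example, not part of the original message and not code from cPickle.c: report #36 above describes a string that is freed only after a push that can return on error. The constructed C below reproduces that shape with hypothetical names (`dup_str`, `STACK_PUSH`, `load_leaky`, `load_fixed`, `leaked_on_error`) and counts the blocks left behind when the push fails, next to the version that frees before the push.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed stand-ins: none of these names or bodies come from cPickle.c. */
static int live_allocs = 0;      /* blocks handed out and not yet released */
static char *last_alloc = NULL;  /* most recent block, so a leak can be reclaimed */
static char *dup_str(const char *s) {
    char *r = malloc(strlen(s) + 1);
    if (r == NULL) return NULL;
    live_allocs++;
    return last_alloc = strcpy(r, s);
}
static void release(char *p) {
    free(p);
    live_allocs--;
}
struct stack { int len, cap, items[4]; };
/* Push that returns from the ENCLOSING function when the stack is full. */
#define STACK_PUSH(st, v, ER) do { \
        if ((st)->len == (st)->cap) return (ER); \
        (st)->items[(st)->len++] = (v); \
    } while (0)

/* Leaky shape: s is released after the push, so the error return skips it. */
int load_leaky(struct stack *st, const char *line) {
    char *s = dup_str(line);
    if (s == NULL) return -1;
    int v = atoi(s);
    STACK_PUSH(st, v, -1);
    release(s);
    return 0;
}
/* Fixed shape: s is released right after its last use, before the push. */
int load_fixed(struct stack *st, const char *line) {
    char *s = dup_str(line);
    if (s == NULL) return -1;
    int v = atoi(s);
    release(s);
    STACK_PUSH(st, v, -1);
    return 0;
}
/* Run a loader against a full stack; return how many blocks it left behind. */
int leaked_on_error(int (*load)(struct stack *, const char *)) {
    struct stack full = { 4, 4, {0} };
    int before = live_allocs;
    int rc = load(&full, "42");
    int leaked = live_allocs - before;
    if (leaked > 0) release(last_alloc);  /* reclaim so the demo itself stays clean */
    return rc == -1 ? leaked : -100;
}
```

The success path is balanced in both loaders; only the early return hidden inside the macro separates them, which is why the leak is easy to miss when reading the caller alone.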

