Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

minor NULL pointer and sign issues reported by Coverity #85228

Closed
gpshead opened this issue Jun 20, 2020 · 12 comments
Closed

minor NULL pointer and sign issues reported by Coverity #85228

gpshead opened this issue Jun 20, 2020 · 12 comments
Assignees
Labels
3.8 (EOL) end of life 3.9 only security fixes 3.10 only security fixes type-crash A hard crash of the interpreter, possibly with a core dump

Comments

@gpshead
Copy link
Member

gpshead commented Jun 20, 2020

BPO 41056
Nosy @gpshead, @tiran, @pganssle, @miss-islington
PRs
  • bpo-41056: Fix a possible MemoryError leak within zoneinfo. #21007
  • bpo-41056: Fix a NULL pointer dereference on MemoryError within the ssl module. #21009
  • bpo-41056: Use the fildes converter for fd to please Coverity. #21011
  • bpo-41056: Fix reference to deallocated stack in pathconfig (Coverity) #21013
  • [3.9] bpo-41056: Fix a NULL pointer dereference on MemoryError within the ssl module. (GH-21009) #21014
  • [3.8] bpo-41056: Fix a NULL pointer dereference on MemoryError within the ssl module. (GH-21009) #21015
  • [3.9] bpo-41056: Fix reference to deallocated stack in pathconfig (Coverity) (GH-21013) #21039
  • [3.8] bpo-41056: Fix reference to deallocated stack in pathconfig (Coverity) (GH-21013) #21041
  • [3.9] bpo-41056: Fix a possible MemoryError leak within zoneinfo. (GH-21007) #21083
  • Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.

    Show more details

    GitHub fields:

    assignee = 'https://github.com/gpshead'
    closed_at = <Date 2020-10-21.19:52:52.359>
    created_at = <Date 2020-06-20.17:38:30.744>
    labels = ['3.10', '3.8', '3.9', 'type-crash']
    title = 'minor NULL pointer and sign issues reported by Coverity'
    updated_at = <Date 2020-10-21.19:52:52.358>
    user = 'https://github.com/gpshead'

    bugs.python.org fields:

    activity = <Date 2020-10-21.19:52:52.358>
    actor = 'p-ganssle'
    assignee = 'gregory.p.smith'
    closed = True
    closed_date = <Date 2020-10-21.19:52:52.359>
    closer = 'p-ganssle'
    components = []
    creation = <Date 2020-06-20.17:38:30.744>
    creator = 'gregory.p.smith'
    dependencies = []
    files = []
    hgrepos = []
    issue_num = 41056
    keywords = ['patch']
    message_count = 12.0
    messages = ['371946', '371955', '371957', '371958', '371968', '372011', '372012', '372036', '372037', '372040', '372041', '372256']
    nosy_count = 4.0
    nosy_names = ['gregory.p.smith', 'christian.heimes', 'p-ganssle', 'miss-islington']
    pr_nums = ['21007', '21009', '21011', '21013', '21014', '21015', '21039', '21041', '21083']
    priority = 'normal'
    resolution = 'fixed'
    stage = 'resolved'
    status = 'closed'
    superseder = None
    type = 'crash'
    url = 'https://bugs.python.org/issue41056'
    versions = ['Python 3.8', 'Python 3.9', 'Python 3.10']

    @gpshead
    Copy link
    Member Author

    gpshead commented Jun 20, 2020

    ________________________________________________________________________________________________________
    *** CID 1464693:  Null pointer dereferences  (REVERSE_INULL)
    /Modules/_zoneinfo.c: 1625 in parse_abbr()
    1619                 ptr++;
    1620             }
    1621             str_end = ptr;
    1622         }
    1623     
    1624         *abbr = PyUnicode_FromStringAndSize(str_start, str_end - str_start);
    >>>     CID 1464693:  Null pointer dereferences  (REVERSE_INULL)
    >>>     Null-checking "abbr" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
    1625         if (abbr == NULL) {
    1626             return -1;
    1627         }
    1628     
    1629         return ptr - p;
    1630     }
    
    
    
    ________________________________________________________________________________________________________
    *** CID 1464687:  Null pointer dereferences  (FORWARD_NULL)
    /Modules/_ssl/debughelpers.c: 138 in _PySSL_keylog_callback()
    132          * critical debug helper.
    133          */
    134         if (lock == NULL) {
    135             lock = PyThread_allocate_lock();
    136             if (lock == NULL) {
    137                 PyErr_SetString(PyExc_MemoryError, "Unable to allocate lock");
    >>>     CID 1464687:  Null pointer dereferences  (FORWARD_NULL)
    >>>     Passing null pointer "&ssl_obj->exc_type" to "PyErr_Fetch", which dereferences it.
    138                 PyErr_Fetch(&ssl_obj->exc_type, &ssl_obj->exc_value,
    139                             &ssl_obj->exc_tb);
    140                 return;
    141             }
    142         }
    143     
    
    
    ________________________________________________________________________________________________________
    *** CID 1464684:  Integer handling issues  (NEGATIVE_RETURNS)
    /Modules/clinic/posixmodule.c.h: 6813 in os_fpathconf()
    6807         if (fd == -1 && PyErr_Occurred()) {
    6808             goto exit;
    6809         }
    6810         if (!conv_path_confname(args[1], &name)) {
    6811             goto exit;
    6812         }
    >>>     CID 1464684:  Integer handling issues  (NEGATIVE_RETURNS)
    >>>     "fd" is passed to a parameter that cannot be negative.
    6813         _return_value = os_fpathconf_impl(module, fd, name);
    6814         if ((_return_value == -1) && PyErr_Occurred()) {
    6815             goto exit;
    6816         }
    6817         return_value = PyLong_FromLong(_return_value);
    6818

    @gpshead gpshead added 3.8 (EOL) end of life 3.9 only security fixes 3.10 only security fixes labels Jun 20, 2020
    @gpshead gpshead self-assigned this Jun 20, 2020
    @gpshead gpshead added type-crash A hard crash of the interpreter, possibly with a core dump 3.8 (EOL) end of life 3.9 only security fixes 3.10 only security fixes labels Jun 20, 2020
    @gpshead gpshead self-assigned this Jun 20, 2020
    @gpshead gpshead added the type-crash A hard crash of the interpreter, possibly with a core dump label Jun 20, 2020
    @gpshead
    Copy link
    Member Author

    gpshead commented Jun 20, 2020

    those were the three in the email (20 of 106), i need to figure out how to login to coverity again to see the rest.

    @miss-islington
    Copy link
    Contributor

    New changeset eb0d5c3 by Gregory P. Smith in branch 'master':
    bpo-41056: Fix a NULL pointer dereference on MemoryError within the ssl module. (GH-21009)
    eb0d5c3

    @tiran
    Copy link
    Member

    tiran commented Jun 20, 2020

    I figured out how to run coverity scan builds again. It turned out the tool chain doesn't like GCC 10. clang 10 works, though.

    By the way I'm using login with Github.

    @miss-islington
    Copy link
    Contributor

    New changeset 3ccb96c by Gregory P. Smith in branch 'master':
    bpo-41056: Use the fildes converter for fd to please Coverity. (GH-21011)
    3ccb96c

    @miss-islington
    Copy link
    Contributor

    New changeset 10bf6e4 by Miss Islington (bot) in branch '3.8':
    bpo-41056: Fix a NULL pointer dereference on MemoryError within the ssl module. (GH-21009)
    10bf6e4

    @miss-islington
    Copy link
    Contributor

    New changeset fbf94af by Miss Islington (bot) in branch '3.9':
    bpo-41056: Fix a NULL pointer dereference on MemoryError within the ssl module. (GH-21009)
    fbf94af

    @miss-islington
    Copy link
    Contributor

    New changeset 81328f3 by Gregory P. Smith in branch 'master':
    bpo-41056: Fix reference to deallocated stack in pathconfig (Coverity) (GH-21013)
    81328f3

    @miss-islington
    Copy link
    Contributor

    New changeset d780fa7 by Gregory P. Smith in branch 'master':
    bpo-41056: Fix a possible MemoryError leak within zoneinfo. (GH-21007)
    d780fa7

    @miss-islington
    Copy link
    Contributor

    New changeset d5ee9b9 by Miss Islington (bot) in branch '3.8':
    bpo-41056: Fix reference to deallocated stack in pathconfig (Coverity) (GH-21013)
    d5ee9b9

    @miss-islington
    Copy link
    Contributor

    New changeset 9fe5dec by Miss Islington (bot) in branch '3.9':
    bpo-41056: Fix reference to deallocated stack in pathconfig (Coverity) (GH-21013)
    9fe5dec

    @pganssle
    Copy link
    Member

    New changeset 6c56356 by Paul Ganssle in branch '3.9':
    [3.9] bpo-41056: Fix a possible MemoryError leak within zoneinfo. (GH-21007)
    6c56356

    @ezio-melotti ezio-melotti transferred this issue from another repository Apr 10, 2022
    Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
    Labels
    3.8 (EOL) end of life 3.9 only security fixes 3.10 only security fixes type-crash A hard crash of the interpreter, possibly with a core dump
    Projects
    None yet
    Development

    No branches or pull requests

    4 participants