Wireshark-bugs: [Wireshark-bugs] [Bug 7011] New: Bugs found using gcc-with-cpychecker static ana

Date: Fri, 30 Mar 2012 04:56:16 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7011

           Summary: Bugs found using gcc-with-cpychecker static analyzer
           Product: Wireshark
           Version: 1.6.5
          Platform: x86
        OS/Version: All
            Status: NEW
          Severity: Minor
          Priority: Low
         Component: Wireshark
        AssignedTo: bugzilla-admin@xxxxxxxxxxxxx
        ReportedBy: jsafrane@xxxxxxxxxx


Build Information:
TShark 1.6.5 (SVN Rev Unknown from unknown)

Copyright 1998-2012 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GLib 2.31.20, with libpcap (version unknown), with libz
1.2.5, with POSIX capabilities (Linux), without libpcre, with SMI 0.4.8, with
c-ares 1.7.5, with Lua 5.1, with Python, with GnuTLS 2.12.14, with Gcrypt
1.5.0,
with MIT Kerberos, with GeoIP.

Running on Linux 3.3.0-1.fc17.x86_64, with libpcap version 1.2.1, with libz
1.2.5.

Built using gcc 4.7.0 20120224 (Red Hat 4.7.0-0.16).

--
I got following report in Fedora Bugzilla. Since I am not a Python expert and I
know even less about Wireshark python plugins, I'm copying it here.
https://bugzilla.redhat.com/show_bug.cgi?id=800197

Description of problem:
I've [dmalcom at redhat.com] been writing an experimental static analysis tool
to detect bugs commonly occurring within C Python extension modules:
  https://fedorahosted.org/gcc-python-plugin/
  http://gcc-python-plugin.readthedocs.org/en/latest/cpychecker.html
  http://fedoraproject.org/wiki/Features/StaticAnalysisOfPythonRefcounts

I ran the latest version of the tool (in git master; post 0.9) on
wireshark-1.6.5-1.fc17.src.rpm, and it reports various errors.

You can see a list of errors here, triaged into categories (from most
significant to least significant):
http://fedorapeople.org/~dmalcolm/gcc-python-plugin/2012-03-05/wireshark-1.6.5-1.fc17/

I've manually reviewed the issues reported by the tool.

Within the category "Reference leaks" the 4 issues reported appear to be
genuine leaks, though for the first:
  wspy_register.c:py_dissector_name:ob_refcnt of '*py_object_name' is 1 too
high: it's not clear if this is fixable, and if it's actually an issue

For the other three, they all involve a call to PyObject_CallMethod in which
the return value is ignored.  These should all have a Py_XDECREF() on the
return value.

Within the category "Segfaults within error-handling paths" the 1 issue
reported may or may not be a genuine bug; it's impossible to tell without more
context.

There may of course be other bugs in my checker tool.

Hope this is helpful; let me know if you need help reading the logs that the
tool generates - I know that it could use some improvement.

Version-Release number of selected component (if applicable):
wireshark-1.6.5-1.fc17
gcc-python-plugin post-0.9 git 11462291a66c8db693c8884cb84b795bb5988ffb

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.