On 2016-07-22 17:31, Chris Angelico wrote:
> On Sat, Jul 23, 2016 at 12:36 AM, Guido van Rossum <gu...@python.org> wrote:
>> Somebody did some research and found some bugs in CPython (IIUC). They
>> published some questionable fragments. If there's a volunteer we could
>> probably easily fix these. (I know we already have occasional Coverity
>> scans and there are other tools too (anybody try lgtm yet?) But this
>> seems honest research (also Python leaves Ruby in the dust :-):
>>
>> http://www.viva64.com/en/b/0414/
>
> First and foremost: All of these purported bugs appear to have been
> found by compiling on Windows. Does Coverity test a Windows build? If
> not, can we get it to? These look like the exact types of errors that
> Coverity *would* discover.

No, it doesn't. The Coverity Scan builds only run on X86_64 Linux platforms. When I took over Coverity Scan for CPython many years ago it was not possible to support multiple platforms and targets with the free edition. I never tried to upload builds from different platforms because I feared that it might play havoc with the scan history. Should I check with Coverity again?

Some of these issues have been found by Coverity and I even have patches for them, e.g. N6 is CID#1299595. I have 13 patches that I haven't published and merged yet. None of the issues is critical, though. Since I forgot how to use hg I have been waiting for the github migration.

Christian

From f84cfa464e4b7d03776afabe9c0819d491c5617b Mon Sep 17 00:00:00 2001 From: Christian Heimes <christ...@python.org> Date: Fri, 19 Feb 2016 16:22:23 +0100 Subject: [PATCH 04/13] Fix dereferencing before NULL check in _PyState_AddModule() _PyState_AddModule() accesses a member of PyModuleDef* def first and then check def for NULL. The other way around is right. CID 1299595 --- Python/pystate.c | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/Python/pystate.c b/Python/pystate.c index ba4dd4c2b5f37ca20f8b9c5afb30053b074f2e50..3fe8ff486ed6838baa92597060af8bcc0ca7e356 100644 --- a/Python/pystate.c +++ b/Python/pystate.c @@ -283,14 +283,15 @@ int _PyState_AddModule(PyObject* module, struct PyModuleDef* def) { PyInterpreterState *state; - if (def->m_slots) { - PyErr_SetString(PyExc_SystemError, - "PyState_AddModule called on module with slots"); - return -1; - } - state = GET_INTERP_STATE(); + if (!def) return -1; + if (def->m_slots) { + PyErr_SetString(PyExc_SystemError, + "PyState_AddModule called on module with slots"); + return -1; + } + state = GET_INTERP_STATE(); if (!state->modules_by_index) { state->modules_by_index = PyList_New(0); if (!state->modules_by_index) -- 2.7.4
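
Review bot: the `if (!def) return -1;` path at the top of _PyState_AddModule() reports failure without setting an exception, while the `def->m_slots` branch directly below it calls PyErr_SetString(PyExc_SystemError, ...) before its own `return -1`. A caller that gets -1 with no exception pending cannot tell what went wrong, so consider raising SystemError for the NULL `def` case as well, with a message in the style of the existing one. The ordering is otherwise what the commit message asks for: `def` is tested before `def->m_slots` is read, and `state = GET_INTERP_STATE()` only runs once both checks have passed.
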
_______________________________________________
Python-Dev mailing list
Python-Dev@python.org
https://mail.python.org/mailman/listinfo/python-dev