Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

BUG: Potential memory leak in function `get_all_cast_information` (a static analyzer report)

See original GitHub issue

Reproducing code example:

Static analysis results, no POC. This static analysis report has been manually verified as a real bug.

Error message:

The path provided by the static analyzer is as follows.

A new reference is returned from PyList_New and pointed to by result. https://github.com/numpy/numpy/blob/e49478c74282bc8f9cb86816897302724d95d5ab/numpy/core/src/multiarray/_multiarray_tests.c.src#L1031
Assume result is not NULL. https://github.com/numpy/numpy/blob/e49478c74282bc8f9cb86816897302724d95d5ab/numpy/core/src/multiarray/_multiarray_tests.c.src#L1032
Call function PyObject_CallMethod, assign return value to classes. https://github.com/numpy/numpy/blob/e49478c74282bc8f9cb86816897302724d95d5ab/numpy/core/src/multiarray/_multiarray_tests.c.src#L1035
Assume classes is NULL, https://github.com/numpy/numpy/blob/e49478c74282bc8f9cb86816897302724d95d5ab/numpy/core/src/multiarray/_multiarray_tests.c.src#L1037
Function returns without decreasing the refcnt of result. https://github.com/numpy/numpy/blob/e49478c74282bc8f9cb86816897302724d95d5ab/numpy/core/src/multiarray/_multiarray_tests.c.src#L1038

NumPy/Python version information:

Static analysis carried out on commit 04ab04d.

Internal bug report ID: NumPy-86c782

Issue Analytics

State:
Created a year ago
Comments:6 (4 by maintainers)

Top GitHub Comments

1reaction

Snape3058commented, May 13, 2022

Thanks a lot. If you do not think such reports are spamming, I will submit them later in recent days in just one issue. And if there are any important reports, I will submit them in separate unique issues or PRs. Thank you again for your support of my research.

… I do not think these are particularly problematic in practice

It is the problem of static analysis. Since such a technique is good at finding bugs that usually will not be triggered. The reason why I did not report them at the very beginning is that I also thought such paths would be seldom executed. However, to make the paper reviewers believe my tool is helpful to find real bugs, I need to submit all of them.

0reactions

sebergcommented, May 13, 2022

Btw. in case you are manually getting out all those “steps” with links to the lines. I think it would be good enough to have only the first link and then some summary of what follows.