bottleneck icon indicating copy to clipboard operation
bottleneck copied to clipboard
verified publisher icon pydata

[BUG] Four potential memory leaks due to refcnt not decreased on error branches. (Static analysis reports)

Open Snape3058 opened this issue 4 years ago • 0 comments

Describe the bug During module initialization, the call to macro import_array will return NULL directly on failure, which will make the created module leaked without decreasing its refcnt.

Bug path trace

move_template.c

  1. Module is created, pointed to by m. https://github.com/pydata/bottleneck/blob/f2bc792e540908d165143c4930d63d1e7ab806d3/bottleneck/src/move_template.c#L1504

  2. Assume m is not NULL. https://github.com/pydata/bottleneck/blob/f2bc792e540908d165143c4930d63d1e7ab806d3/bottleneck/src/move_template.c#L1508

  3. Invoke macro import_array, assume error happens and NULL is returned directly. https://github.com/pydata/bottleneck/blob/f2bc792e540908d165143c4930d63d1e7ab806d3/bottleneck/src/move_template.c#L1509

  4. The module pointed to by m leaks without decreasing its refcnt.

Similarly, it is the same symptom in another three files.

  • nonreduce_axis_template.c https://github.com/pydata/bottleneck/blob/f2bc792e540908d165143c4930d63d1e7ab806d3/bottleneck/src/nonreduce_axis_template.c#L1054 https://github.com/pydata/bottleneck/blob/f2bc792e540908d165143c4930d63d1e7ab806d3/bottleneck/src/nonreduce_axis_template.c#L1058 https://github.com/pydata/bottleneck/blob/f2bc792e540908d165143c4930d63d1e7ab806d3/bottleneck/src/nonreduce_axis_template.c#L1059

  • nonreduce_template.c https://github.com/pydata/bottleneck/blob/f2bc792e540908d165143c4930d63d1e7ab806d3/bottleneck/src/nonreduce_template.c#L369 https://github.com/pydata/bottleneck/blob/f2bc792e540908d165143c4930d63d1e7ab806d3/bottleneck/src/nonreduce_template.c#L373 https://github.com/pydata/bottleneck/blob/f2bc792e540908d165143c4930d63d1e7ab806d3/bottleneck/src/nonreduce_template.c#L376

  • reduce_template.c https://github.com/pydata/bottleneck/blob/f2bc792e540908d165143c4930d63d1e7ab806d3/bottleneck/src/reduce_template.c#L2545 https://github.com/pydata/bottleneck/blob/f2bc792e540908d165143c4930d63d1e7ab806d3/bottleneck/src/reduce_template.c#L2549 https://github.com/pydata/bottleneck/blob/f2bc792e540908d165143c4930d63d1e7ab806d3/bottleneck/src/reduce_template.c#L2550

Version

Static analysis carried out on commit f2bc792.

Snape3058 avatar Jun 29 '21 07:06 Snape3058