Issue 35680: [2.7] Coverity scan: Passing freed pointer "name" as an argument to "Py_BuildValue" in _bsddb module.

Created on 2019-01-07 16:41 by cstratak, last changed 2022-04-11 14:59 by admin. This issue is now closed.

Files
File name Uploaded Description Edit
bsddb_fix.patch cstratak, 2019-01-07 16:41
Messages (4)
msg333176 - (view) Author: Charalampos Stratakis (cstratak) * Date: 2019-01-07 16:41
Results from a recent static analysis scan for python2:

Error: USE_AFTER_FREE (CWE-825):
Python-2.7.15/Modules/_bsddb.c:6697: freed_arg: "free" frees "name".
Python-2.7.15/Modules/_bsddb.c:6715: pass_freed_arg: Passing freed pointer "name" as an argument to "Py_BuildValue".

6713|       RETURN_IF_ERR();  /* Maybe the size is not the problem */
6714|   
6715|->     retval = Py_BuildValue("s", name);
6716|       free(name);
6717|       return retval;

Attaching a draft patch.
msg333177 - (view) Author: Serhiy Storchaka (serhiy.storchaka) * (Python committer) Date: 2019-01-07 17:03
There is no bug here. "name" is freed only when err == EINVAL. And the RETURN_IF_ERR() macro will return from the function if err != 0. So that a freed pointer will never passed to Py_BuildValue().
msg333178 - (view) Author: Charalampos Stratakis (cstratak) * Date: 2019-01-07 17:19
Indeed it's not a bug per se, more like code readability issue, if however it's not deemed as an issue, it can be closed.
msg334261 - (view) Author: Charalampos Stratakis (cstratak) * Date: 2019-01-23 15:52
Closing this as it's not really a bug in the code, and I don't think spending too much time on python2 is worth it.
History
Date User Action Args
2022-04-11 14:59:10adminsetgithub: 79861
2019-01-23 15:52:57cstrataksetstatus: open -> closed

messages: + msg334261
stage: resolved

2019-01-07 17:19:03cstrataksetmessages: + msg333178
2019-01-07 17:03:23serhiy.storchakasetnosy: + serhiy.storchaka
messages: + msg333177
2019-01-07 16:41:05cstratakcreate