➜
This issue tracker has been migrated to GitHub,
and is currently read-only.
For more information,
see the GitHub FAQs in the Python's Developer Guide.
Created on 2019-03-14 14:50 by cstratak, last changed 2022-04-11 14:59 by admin. This issue is now closed.
| Pull Requests | |||
|---|---|---|---|
| URL | Status | Linked | Edit |
| PR 12330 | merged | cstratak, 2019-03-14 15:00 | |
| Messages (4) | |||
|---|---|---|---|
| msg337927 - (view) | Author: Charalampos Stratakis (cstratak) * | Date: 2019-03-14 14:50 | |
Coverity reports a leak within the json module: Error: RESOURCE_LEAK (CWE-772): [#def26] Python-2.7.15/Modules/_json.c:1367: alloc_fn: Storage is returned from allocation function "PyString_FromStringAndSize". Python-2.7.15/Objects/stringobject.c:88:5: alloc_fn: Storage is returned from allocation function "PyObject_Malloc". Python-2.7.15/Objects/obmalloc.c:982:5: alloc_fn: Storage is returned from allocation function "malloc". Python-2.7.15/Objects/obmalloc.c:982:5: return_alloc_fn: Directly returning storage allocated by "malloc". Python-2.7.15/Objects/stringobject.c:88:5: var_assign: Assigning: "op" = "PyObject_Malloc(37UL + size)". Python-2.7.15/Objects/stringobject.c:111:5: return_alloc: Returning allocated memory "op". Python-2.7.15/Modules/_json.c:1367: var_assign: Assigning: "numstr" = storage returned from "PyString_FromStringAndSize(&str[start], idx - start)". Python-2.7.15/Modules/_json.c:1379: leaked_storage: Variable "numstr" going out of scope leaks the storage it points to. 1377| NULL, NULL); 1378| if (d == -1.0 && PyErr_Occurred()) 1379|-> return NULL; 1380| rval = PyFloat_FromDouble(d); 1381| } |
|||
| msg337934 - (view) | Author: STINNER Victor (vstinner) *  |
Date: 2019-03-14 15:17 | |
Note for myself: Python 3 isn't affected by this issue. The issue in Python 2 is in the _match_number_str() function which doesn't exist in Python 3. In Python 3, _parse_object_unicode() uses a very different code: it calls PyFloat_FromString() or PyLong_FromString() for numstr. |
|||
| msg337935 - (view) | Author: STINNER Victor (vstinner) * |
Date: 2019-03-14 15:23 | |
New changeset fb3336acfde3204fd01ce519ef24cc18a94dfa3f by Victor Stinner (stratakis) in branch '2.7': [2.7] bpo-36291: Fix a possible reference leak in the json module (GH-12330) https://github.com/python/cpython/commit/fb3336acfde3204fd01ce519ef24cc18a94dfa3f |
|||
| msg337936 - (view) | Author: STINNER Victor (vstinner) * |
Date: 2019-03-14 15:23 | |
Thanks Charalampos, I merged your PR. |
|||
| History | |||
|---|---|---|---|
| Date | User | Action | Args |
| 2022-04-11 14:59:12 | admin | set | github: 80472 |
| 2019-03-15 21:10:27 | matrixise | set | assignee: matrixise -> |
| 2019-03-14 15:23:42 | vstinner | set | status: open -> closed resolution: fixed messages: + msg337936 stage: patch review -> resolved |
| 2019-03-14 15:23:07 | vstinner | set | messages: + msg337935 |
| 2019-03-14 15:17:50 | vstinner | set | nosy:
+ vstinner messages: + msg337934 |
| 2019-03-14 15:00:17 | cstratak | set | keywords:
+ patch stage: patch review pull_requests: + pull_request12301 |
| 2019-03-14 14:58:51 | mdk | set | assignee: matrixise nosy: + matrixise |
| 2019-03-14 14:50:44 | cstratak | create | |