This is a summary of errors seen when compiling with an experimental static analysis tool
Raw build logs can be seen here
Code paths in which the reference count of an object is left too low. This could lead to the object being deallocated too early, triggering segfaults when later accessed. Over repeated calls, these errors could accumulate, increasing the likelihood of a segfault.
Code paths in which the reference count of an object is left too high, leading to memory leaks
| ./libxml.c | libxml_xmlXPathFuncCallback | ob_refcnt of '*result' is 1 too high |
Code paths in error-handling that will lead to a segmentatation fault (e.g. under low memory conditions)
Code paths in which the reference count of an object might too large - but in which the reference in question came from a function not known to the analyzer.
The analyzer assumes such references are new references, but if the function returns a borrowed reference instead, it's probably not a bug
| ./libxml.c | libxml_xmlXPathFuncCallback | ob_refcnt of new ref from (unknown) libxml_xmlXPathParserContextPtrWrap is 1 too high |
| ./libxml.c | libxml_xmlXPathFuncCallback | ob_refcnt of '*cur' is 1 too high |