Errors seen in LOGS/python-krbV-1.0.90-4.fc15

This is a summary of errors seen when compiling with an experimental static analysis tool

Raw build logs can be seen here

Segfaults in normal paths

Code paths that will lead to a segmentation fault

krb5module.c Principal_getitem dereferencing NULL (d->length) at krb5module.c:2430

Reference leaks

Code paths in which the reference count of an object is left too high, leading to memory leaks

krb5module.c CCache_setattr ob_refcnt of new ref from call to PyObject_GetAttrString is 1 too high
krb5module.c CCache_initialize ob_refcnt of new ref from call to PyObject_GetAttrString is 1 too high
krb5module.c CCache_initialize ob_refcnt of '*tmp' is 1 too high
krb5module.c CCache_initialize ob_refcnt of '*conobj' is 1 too high
krb5module.c Keytab_getattr ob_refcnt of new ref from call to PyObject_GetAttrString is 1 too high
krb5module.c AuthContext_genaddrs ob_refcnt of new ref from call to PyObject_GetAttrString is 1 too high
krb5module.c AuthContext_genaddrs ob_refcnt of '*tmp' is 1 too high
krb5module.c Context_rd_req ob_refcnt of '*ctx' is 1 too high
krb5module.c Context_rd_req ob_refcnt of new ref from call to PyObject_GetAttrString is 1 too high
krb5module.c Context_sendauth ob_refcnt of '*ctx' is 1 too high
krb5module.c Context_sendauth ob_refcnt of new ref from call to PyObject_GetAttrString is 1 too high
krb5module.c AuthContext_mk_priv ob_refcnt of new ref from call to PyObject_GetAttrString is 1 too high
krb5module.c AuthContext_mk_priv ob_refcnt of '*tmp' is 1 too high
krb5module.c Context_getattr ob_refcnt of '*ctx' is 1 too high
krb5module.c Principal_getitem ob_refcnt of new ref from call to PyObject_GetAttrString is 1 too high
krb5module.c Principal_getitem ob_refcnt of '*tmp' is 1 too high
krb5util.c dict_addint ob_refcnt of '*key' is 1 too high
krb5util.c dict_addint ob_refcnt of '*val' is 1 too high
krb5module.c AuthContext_rd_priv ob_refcnt of new ref from call to PyObject_GetAttrString is 1 too high
krb5module.c AuthContext_rd_priv ob_refcnt of '*tmp' is 1 too high
krb5module.c RCache_setattr ob_refcnt of new ref from call to PyObject_GetAttrString is 1 too high
krb5module.c Principal_itemlen ob_refcnt of new ref from call to PyObject_GetAttrString is 1 too high
krb5module.c Principal_itemlen ob_refcnt of '*tmp' is 1 too high
krb5module.c make_principal ob_refcnt of _Py_NoneStruct is 1 too high
krb5module.c Keytab_setattr ob_refcnt of new ref from call to PyObject_GetAttrString is 1 too high
krb5module.c CCache_init_creds_keytab ob_refcnt of '*conobj' is 1 too high
krb5module.c CCache_init_creds_keytab ob_refcnt of new ref from call to PyObject_GetAttrString is 1 too high
krb5module.c Context_setattr ob_refcnt of '*ctx' is 1 too high
krb5module.c Principal_repr ob_refcnt of '*tmp' is 1 too high
krb5module.c Principal_repr ob_refcnt of new ref from call to PyObject_GetAttrString is 1 too high
krb5module.c CCache_getattr ob_refcnt of new ref from call to PyObject_GetAttrString is 1 too high
krb5module.c Context_recvauth ob_refcnt of '*ctx' is 1 too high
krb5module.c Context_recvauth ob_refcnt of new ref from call to PyObject_GetAttrString is 1 too high

Segfaults within error-handling paths

Code paths in error-handling that will lead to a segmentation fault (e.g. under low memory conditions)

krb5module.c AuthContext_genaddrs calling PyObject_GetAttrString with NULL as argument 1 (tmp) at krb5module.c:2089
krb5err.c pk_error_init calling PyDict_SetItemString with NULL as argument 3 (pk_exception.1) at krb5err.c:46
krb5util.c dict_addint calling PyDict_SetItem with NULL as argument 3 (val) at krb5util.c:9
krb5util.c dict_addint calling PyDict_SetItem with NULL as argument 2 (key) at krb5util.c:9
krb5module.c Principal_itemlen dereferencing NULL (princ->length) at krb5module.c:2472
krb5module.c make_authdata_list calling PyTuple_SetItem with NULL as argument 1 (adlist) at krb5module.c:756

Possible reference leaks

Code paths in which the reference count of an object might be too large - but in which the reference in question came from a function not known to the analyzer.

The analyzer assumes such references are new references, but if the function returns a borrowed reference instead, it's probably not a bug

krb5module.c Context_rd_req ob_refcnt of '*princtmp' is 1 too high
krb5module.c Context_rd_req ob_refcnt of new ref from (unknown) make_authdata_list is 1 too high
krb5module.c Context_rd_req ob_refcnt of new ref from (unknown) make_address_list is 1 too high
krb5module.c Context_rd_req ob_refcnt of new ref from (unknown) make_ticket_times is 1 too high
krb5module.c Context_rd_req ob_refcnt of new ref from (unknown) make_keyblock is 1 too high
krb5module.c Context_rd_req ob_refcnt of new ref from (unknown) make_transited is 1 too high

Returning (PyObject*)NULL without setting an exception

These messages are often false positives: the analysis tool has no knowledge about internal API calls that can lead to an exception being set

krb5module.c AuthContext_genaddrs returning (PyObject*)NULL without setting an exception
krb5module.c Context_sendauth returning (PyObject*)NULL without setting an exception
krb5module.c AuthContext_mk_priv returning (PyObject*)NULL without setting an exception
krb5module.c Context_getattr returning (PyObject*)NULL without setting an exception
krb5module.c AuthContext_rd_priv returning (PyObject*)NULL without setting an exception
krb5module.c make_principal returning (PyObject*)NULL without setting an exception
krb5module.c Context_setattr returning (PyObject*)NULL without setting an exception
krb5module.c Context_recvauth returning (PyObject*)NULL without setting an exception