| PyObject * |
| make_a_list_of_random_ints_badly(PyObject *self, |
| PyObject *args) |
| { |
| PyObject *list, *item; |
| long count, i; |
| if (!PyArg_ParseTuple(args, "i", &count)) { |
| return NULL; |
| } |
| list = PyList_New(0); |
| for (i = 0; i < count; i++) { |
| item = PyLong_FromLong(random()); |
| PyList_Append(list, item); |
| } |
| return list; |
| } |
when PyArg_ParseTuple() succeeds
taking False path
when PyList_New() succeeds
when considering range: 1 <= count.0 <= 0x7fffffff
taking True path
when PyLong_FromLong() succeeds
when PyList_Append() succeeds
when considering count.0 == (int)1 from libcpychecker/html/test/example1/bug.c:10
taking False path
PyLongObject allocated at: item = PyLong_FromLong(random());
was expecting final ob_refcnt to be N + 1 (for some unknown N)
due to object being referenced by: PyListObject.ob_item[0]
but final ob_refcnt is N + 2
found 1 similar trace(s) to this
| PyObject * |
| make_a_list_of_random_ints_badly(PyObject *self, |
| PyObject *args) |
| { |
| PyObject *list, *item; |
| long count, i; |
| if (!PyArg_ParseTuple(args, "i", &count)) { |
| return NULL; |
| } |
| list = PyList_New(0); |
| for (i = 0; i < count; i++) { |
| item = PyLong_FromLong(random()); |
| PyList_Append(list, item); |
| } |
| return list; |
| } |
when PyArg_ParseTuple() succeeds
taking False path
when PyList_New() fails
when considering range: 1 <= count.0 <= 0x7fffffff
taking True path
when PyLong_FromLong() succeeds
PyList_Append() invokes Py_TYPE() on the pointer via the PyList_Check() macro, thus accessing (NULL)->ob_type
found 1 similar trace(s) to this