Errors seen in sssd-1.6.2-5.fc16

This is a summary of errors seen when compiling with an experimental static analysis tool

Raw build logs can be seen here

Reference count too low

Code paths in which the reference count of an object is left too low. This could lead to the object being deallocated too early, triggering segfaults when later accessed. Over repeated calls, these errors could accumulate, increasing the likelihood of a segfault.

src/python/pyhbac.c HbacRequest_new ob_refcnt of new ref from (unknown) HbacRequestElement_new is 1 too low
src/python/pyhbac.c HbacRequestElement_new ob_refcnt of new ref from (unknown) sss_python_unicode_from_string is 1 too low
src/python/pyhbac.c HbacRule_new ob_refcnt of new ref from (unknown) sss_python_unicode_from_string is 1 too low
src/python/pyhbac.c HbacRule_new ob_refcnt of new ref from (unknown) HbacRuleElement_new is 1 too low

Reference leaks

Code paths in which the reference count of an object is left too high, leading to memory leaks

src/python/pyhbac.c sequence_as_string_list ob_refcnt of '*item' is 1 too high
src/python/pyhbac.c str_concat_sequence ob_refcnt of '*item' is 1 too high
src/python/pyhbac.c set_hbac_exception ob_refcnt of new ref from call to Py_BuildValue is 1 too high

Possible reference leaks

Code paths in which the reference count of an object might too large - but in which the reference in question came from a function not known to the analyzer.

The analyzer assumes such references are new references, but if the function returns a borrowed reference instead, it's probably not a bug

src/python/pyhbac.c HbacRuleElement_new ob_refcnt of new ref from (unknown) sss_python_set_new is 1 too high
src/python/pyhbac.c HbacRuleElement_new ob_refcnt of PyListObject is 1 too high
src/python/pysss.c PySssLocalObject_new ob_refcnt of '*self' is 1 too high

Returning (PyObject*)NULL without setting an exception

These messages are often false-positives: the analysis tool has no knowledge about internal API calls that can lead to an exception being set
src/python/pysss.c py_sss_userdel returning (PyObject*)NULL without setting an exception
src/python/pyhbac.c HbacRuleElement_repr returning (PyObject*)NULL without setting an exception
src/python/pysss.c py_sss_usermod returning (PyObject*)NULL without setting an exception
src/python/pysss.c py_sss_groupdel returning (PyObject*)NULL without setting an exception
src/python/pyhbac.c py_hbac_rule_validate returning (PyObject*)NULL without setting an exception
src/python/pyhbac.c py_hbac_evaluate returning (PyObject*)NULL without setting an exception
src/python/pysss.c py_sss_encrypt returning (PyObject*)NULL without setting an exception
src/python/pyhbac.c HbacRequestElement_repr returning (PyObject*)NULL without setting an exception
src/python/pysss.c py_sss_groupmod returning (PyObject*)NULL without setting an exception
src/python/pysss.c py_sss_useradd returning (PyObject*)NULL without setting an exception
src/python/pysss.c py_sss_groupadd returning (PyObject*)NULL without setting an exception
src/python/pysss.c PySssLocalObject_new returning (PyObject*)NULL without setting an exception