We are researchers from the University of Athens, working on cross-language analysis of Python packages with C/C++ native extensions.

Problem

We found an issue in the aubio package: The new_aubio_filter function [1] does not check the return values of its internal memory allocation calls (AUBIO_NEW [2], new_lvec [3], which internally invoke calloc() [4]).
When calloc() [4] fails, the function continues execution with a NULL pointer, which can lead to undefined behavior, such as Segmentation Fault or Program hang.

Steps to Reproduce

1. Open a terminal and run:

dmesg -w

This will stream kernel logs in real time. We use this to prove that it happens (without having to wait for the process to terminate with the “Segmentation Fault” message).

2. In another terminal, run the following Python script:

import aubio._aubio

import time

ITERS = 100000
MB = 1024 ** 2
ORDER = 512 * MB

y = []

for i in range(ITERS):
    print(i)
    x = aubio._aubio.digital_filter(ORDER)
    y.append(x)

time.sleep(100)

In the dmesg terminal you should observe a kernel crash message similar to:

python3[10335]: segfault at 0 ip 00007ba1fd724f93 sp 00007fffb6120ec0 error 6 in _aubio.cpython-39-x86_64-linux-gnu.so[7ba1fd709000+1d000] likely on CPU 4 (core 2, socket 0)

Potential Fix

All memory allocation calls in new_aubio_filter() should have their return values checked. If any allocation fails (returns NULL), the function should:

• Clean up any previously allocated resources.
• Return NULL immediately to prevent undefined behavior.

In addition, according to the official aubio documentation [5] the order parameter typically takes the values 3, 5, or 7. As a result, adding a check on the order values, helps prevent unrealistic allocations.

References

[1]