duckdb Python Extension Analysis Report #408

@devdanzin

What happens?

I ran cext-review-toolkit on duckdb-python and got a report with some issues:

The primary risks are: (1) Python API calls without GIL in the parallel numpy scan path (data corruption/crash), (2) PyTuple_Pack reference leak in map.cpp (~11 KB/call), (3) unchecked PyNumber_Rshift NULL in 128-bit integer conversion (segfault), (4) PyErr_PrintEx clobbering exceptions in map and filesystem, and (5) UDF exception handling that optionally swallows MemoryError/KeyboardInterrupt.

The full report is available at https://gist.github.com/devdanzin/5c7600153c8e76afee3ef1a2d516ad70

To Reproduce

Some reproducers are available in the Reproducers Appendix.

OS:

Linux x86_64

DuckDB Package Version:

1.5.1

Python Version:

3.14.3+ debug build

Full Name:

Daniel Silva Diniz

Affiliation:

None

What is the latest build you tested with? If possible, we recommend testing with the latest nightly build.

I have tested with a stable release

Did you include all relevant data sets for reproducing the issue?

Not applicable - the reproduction does not require a data set

Did you include all code required to reproduce the issue?

  • Yes, I have

Did you include all relevant configuration to reproduce the issue?

  • Yes, I have
