Dave Malcolm at Red Hat has been working on a static code analysis tool
for Python-related C code. He reports here on some preliminary results
for plpython.c:
https://bugzilla.redhat.com/show_bug.cgi?id=795011
I'm not enough of a Python hacker to evaluate the significance of these
issues, but somebody who does work on that code ought to take a look and
see what we ought to patch.
regards, tom lane