#Tool for statically analysing my C code?

Could anyone tell me where I can find something better than cppcheck for statically analyze my C code?
I keep seeing errors in valgrind about "Invalid read of size #" meaning I'm probably using freed memory, exceeding the size of my strings or allocating too big ones when I'm using jansson.

So, I'd be specifically looking for something that could help me about that and that could also tell me where are the missing free function calls.

address sanitizers may be more convenient to use than valgrind, I think, also clang sports some static analyzer

Are you using warnings?

-Wall -Wextra -pedantic -Werror

I'm using warnings of course

of course
You wouldn't believe what we see on a daily basis

I'd prefer not using CMake cause I find it very unconvenient ...

A) Why do you find it inconvenient?
B) Why does that matter rn?

A) Syntax, condition statements, ... mostly everything. Unability to set several sources directories easily and unability to browse them recursively (e.g. aux_source_directory).
B) Cause I'm stuck using this: set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -O0 -ggdb -Wall -Wextra")

You could try gcc -fanalyzer. They’ve been improving it but idk how it’s false positive/negative rate is

I agree with sbdswr that asan would be good to try

what ones?

I'd say this is a false positive:

There's no way len could be anything else than INET_ADDSTRLEN or INET6_ADDRSTRLEN

well, you have that path

I have that path?

the path of code which is clearly shown to you

if you go to default len is uninitialized

change break there to return NULL e.g.

k good point

btw sizeof(char) is just 1, always

by definition

doing anything else there than malloc(len) just feels weird

yeah

currently laughing at me

wow is -fanalyze is very helpful, won't have headache anymore while trying to find where I fucked up my code

also, again, the address sanitizer

already detected a leak

it is memcheck built-in to your code, so faster than valgrind

k

just a sidenote:

condition statements
kinda agree, though the syntax is fine
Unability to set several sources directories easily
wdym? any directroy with a CMakeLists.txt become a a source dir or a dir CMake will be aware of if you include_directory add_subdirectory it (sorry got them both confused)

set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -O0 -ggdb -Wall -Wextra")
isn't the way things should be done anymore. either use presets or at the very least
target_compile_options

wdym? any directroy with a CMakeLists.txt become a a source dir or a dir CMake will be aware of if you include_directory it
yeah, that's unconvenient too, having to add CMakeLists.txt to every single source dir ...
imagine having doing that for a lot of files per directory, and a lot of directories too:
It's not currently the case for me, but could be if I decide to split my source code into several files.

set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -O0 -ggdb -Wall -Wextra")
isn't the way things should be done anymore. either use presets or at the very list
target_compile_options
presets?

well, its your choice ofc - i just don't think it inconvenient per se
https://cmake.org/cmake/help/latest/manual/cmake-presets.7.html

!solved