Fix the remaining static analysis warnings.

Except two incorrect leak warnings and one about mktemp
 being insecure in the XML backend. See the respective
comments about those.

gnucash/gnome-utils/gnc-tree-model-split-reg.c

@@ -992,7 +992,7 @@ gnc_tree_model_split_reg_get_sub_account (GncTreeModelSplitReg *model)
 void
 gnc_tree_model_split_reg_update_query (GncTreeModelSplitReg *model, Query *query)
 {
-    GSList *p1 = NULL, *p2 = NULL, *p3 = NULL, *standard;
+    GSList *p1 = NULL, *p2 = NULL, *standard;
 
     time64 start;
     struct tm tm;
@@ -1019,7 +1019,7 @@ gnc_tree_model_split_reg_update_query (GncTreeModelSplitReg *model, Query *query
             else if (model->sort_depth == 3)
             {
                 p1 = g_slist_prepend (p1, SPLIT_RECONCILE);
-                p1 = g_slist_prepend (p2, SPLIT_DATE_RECONCILED);
+                p1 = g_slist_prepend (p1, SPLIT_DATE_RECONCILED);
                 p2 = standard;
             }
             break;
@@ -1061,7 +1061,7 @@ gnc_tree_model_split_reg_update_query (GncTreeModelSplitReg *model, Query *query
         case GNC_TREE_MODEL_SPLIT_REG_COL_RECN:
             {
                 p1 = g_slist_prepend (p1, SPLIT_RECONCILE);
-                p1 = g_slist_prepend (p2, SPLIT_DATE_RECONCILED);
+                p1 = g_slist_prepend (p1, SPLIT_DATE_RECONCILED);
                 p2 = standard;
             }
             break;
@@ -1088,7 +1088,7 @@ gnc_tree_model_split_reg_update_query (GncTreeModelSplitReg *model, Query *query
         xaccQueryAddDateMatchTT (query, TRUE, start, FALSE, 0, QOF_QUERY_AND);
     }
 
-    qof_query_set_sort_order (query, p1, p2, p3);
+    qof_query_set_sort_order (query, p1, p2, NULL);
 
 }
 

gnucash/gnome/dialog-commodities.c

@@ -222,7 +222,7 @@ add_clicked (CommoditiesDialog *cd)
     else
         name_space = NULL;
 
-    commodity = gnc_ui_new_commodity_modal (name_space, cd->dialog);
+    gnc_ui_new_commodity_modal (name_space, cd->dialog);
 }
 
 void

gnucash/import-export/ofx/gnc-ofx-import.c

@@ -973,7 +973,7 @@ int ofx_proc_account_cb(struct OfxAccountData data, void * account_user_data)
          * calling 'gnc_import_select_account', allow the user to set book
          * options. */
         if (new_book)
-            new_book = gnc_new_book_option_display (GTK_WIDGET (gnc_ui_get_main_window (NULL)));
+            gnc_new_book_option_display (GTK_WIDGET (gnc_ui_get_main_window (NULL)));
 
         gnc_utf8_strip_invalid(data.account_name);
         gnc_utf8_strip_invalid(data.account_id);

libgnucash/backend/xml/gnc-xml-backend.cpp

@@ -376,6 +376,11 @@ GncXmlBackend::write_to_file (bool make_backup)
     strcpy (tmp_name, m_fullpath.c_str());
     strcat (tmp_name, ".tmp-XXXXXX");
 
+    /* Clang static analyzer flags this as a security risk, which is
+     * theoretically true, but we can't use mkstemp because we need to
+     * open the file ourselves because of compression. None of the alternatives
+     * is any more secure.
+     */
     if (!mktemp (tmp_name))
     {
         g_free (tmp_name);

libgnucash/engine/gnc-pricedb.c

@@ -2196,28 +2196,28 @@ gnc_pricedb_nth_price (GNCPriceDB *db,
                merged currency list. */
             GList **price_array = (GList **)g_new(gpointer, num_currencies);
             GList **next_list;
-            int i, j;
+            int i, j, k;
             GHashTableIter iter;
             gpointer key, value;
 
             /* Build an array of all the currencies this commodity has prices for */
             for (i = 0, g_hash_table_iter_init(&iter, currency_hash);
                  g_hash_table_iter_next(&iter, &key, &value) && i < num_currencies;
-                 i++)
+                 ++i)
             {
                 price_array[i] = value;
             }
 
-            /* Iterate n times to get the nth price, each time finding the currency
+            /* Iterate up to n times (there are i prices, so going past i will run off the end of the array) to get the nth price, each time finding the currency
                with the latest price */
-            for (i = 0; i <= n; i++)
+            for (k = 0; k < n && k < i; ++k)
             {
                 next_list = NULL;
-                for (j = 0; j < num_currencies; j++)
+                for (j = 0; j < i; ++j)
                 {
                     /* Save this entry if it's the first one or later than
                        the saved one. */
-                    if (price_array[j] != NULL &&
+                    if (price_array[k] != NULL &&
                         (next_list == NULL || *next_list == NULL ||
                         compare_prices_by_date((*next_list)->data, (price_array[j])->data) > 0))
                     {

libgnucash/engine/gncEntry.c

@@ -1599,7 +1599,7 @@ int gncEntryCompare (const GncEntry *a, const GncEntry *b)
     if (a == b) return 0;
     if (!a && b) return -1;
     if (a && !b) return 1;
-
+    g_assert (a && b);  /* Silence a static analysis warning. */
     if (a->date != b->date) return a->date - b->date;
     if (a->date_entered != b->date_entered) return a->date_entered - b->date_entered;
 

libgnucash/engine/gncTaxTable.c

@@ -722,6 +722,8 @@ static GncTaxTable *gncTaxTableCopy (const GncTaxTable *table)
         GncTaxTableEntry *entry, *e;
         entry = list->data;
         e = gncTaxTableEntryCopy (entry);
+       /* Clang static analyzer thinks we're leaking e, but we're not.
+        * We're transferring it to table. */
         gncTaxTableAddEntry (t, e);
     }
     return t;

libgnucash/engine/kvp-value.cpp

@@ -344,6 +344,7 @@ compare(const KvpValueImpl * one, const KvpValueImpl * two) noexcept
     if (one == two) return 0;
     if (one && !two) return 1;
     if (!one && two) return -1;
+    assert (one && two);  /* Silence a static analysis warning. */
     return compare(*one, *two);
 }