diff --git a/gnucash/gnome-utils/gnc-tree-model-split-reg.c b/gnucash/gnome-utils/gnc-tree-model-split-reg.c index 4688f5c8ee..05ecd8a8dd 100644 --- a/gnucash/gnome-utils/gnc-tree-model-split-reg.c +++ b/gnucash/gnome-utils/gnc-tree-model-split-reg.c @@ -992,7 +992,7 @@ gnc_tree_model_split_reg_get_sub_account (GncTreeModelSplitReg *model) void gnc_tree_model_split_reg_update_query (GncTreeModelSplitReg *model, Query *query) { - GSList *p1 = NULL, *p2 = NULL, *p3 = NULL, *standard; + GSList *p1 = NULL, *p2 = NULL, *standard; time64 start; struct tm tm; @@ -1019,7 +1019,7 @@ gnc_tree_model_split_reg_update_query (GncTreeModelSplitReg *model, Query *query else if (model->sort_depth == 3) { p1 = g_slist_prepend (p1, SPLIT_RECONCILE); - p1 = g_slist_prepend (p2, SPLIT_DATE_RECONCILED); + p1 = g_slist_prepend (p1, SPLIT_DATE_RECONCILED); p2 = standard; } break; @@ -1061,7 +1061,7 @@ gnc_tree_model_split_reg_update_query (GncTreeModelSplitReg *model, Query *query case GNC_TREE_MODEL_SPLIT_REG_COL_RECN: { p1 = g_slist_prepend (p1, SPLIT_RECONCILE); - p1 = g_slist_prepend (p2, SPLIT_DATE_RECONCILED); + p1 = g_slist_prepend (p1, SPLIT_DATE_RECONCILED); p2 = standard; } break; @@ -1088,7 +1088,7 @@ gnc_tree_model_split_reg_update_query (GncTreeModelSplitReg *model, Query *query xaccQueryAddDateMatchTT (query, TRUE, start, FALSE, 0, QOF_QUERY_AND); } - qof_query_set_sort_order (query, p1, p2, p3); + qof_query_set_sort_order (query, p1, p2, NULL); } diff --git a/gnucash/gnome/dialog-commodities.c b/gnucash/gnome/dialog-commodities.c index 7a5487e1c2..b392c5b853 100644 --- a/gnucash/gnome/dialog-commodities.c +++ b/gnucash/gnome/dialog-commodities.c @@ -222,7 +222,7 @@ add_clicked (CommoditiesDialog *cd) else name_space = NULL; - commodity = gnc_ui_new_commodity_modal (name_space, cd->dialog); + gnc_ui_new_commodity_modal (name_space, cd->dialog); } void diff --git a/gnucash/import-export/ofx/gnc-ofx-import.c b/gnucash/import-export/ofx/gnc-ofx-import.c index 101c03010a..9603c44fa9 100644 --- a/gnucash/import-export/ofx/gnc-ofx-import.c +++ b/gnucash/import-export/ofx/gnc-ofx-import.c @@ -973,7 +973,7 @@ int ofx_proc_account_cb(struct OfxAccountData data, void * account_user_data) * calling 'gnc_import_select_account', allow the user to set book * options. */ if (new_book) - new_book = gnc_new_book_option_display (GTK_WIDGET (gnc_ui_get_main_window (NULL))); + gnc_new_book_option_display (GTK_WIDGET (gnc_ui_get_main_window (NULL))); gnc_utf8_strip_invalid(data.account_name); gnc_utf8_strip_invalid(data.account_id); diff --git a/libgnucash/backend/xml/gnc-xml-backend.cpp b/libgnucash/backend/xml/gnc-xml-backend.cpp index 61a73ba323..5242723c2f 100644 --- a/libgnucash/backend/xml/gnc-xml-backend.cpp +++ b/libgnucash/backend/xml/gnc-xml-backend.cpp @@ -376,6 +376,11 @@ GncXmlBackend::write_to_file (bool make_backup) strcpy (tmp_name, m_fullpath.c_str()); strcat (tmp_name, ".tmp-XXXXXX"); + /* Clang static analyzer flags this as a security risk, which is + * theoretically true, but we can't use mkstemp because we need to + * open the file ourselves because of compression. None of the alternatives + * is any more secure. + */ if (!mktemp (tmp_name)) { g_free (tmp_name); diff --git a/libgnucash/engine/gnc-pricedb.c b/libgnucash/engine/gnc-pricedb.c index b7efb28a61..6e97e8ebcd 100644 --- a/libgnucash/engine/gnc-pricedb.c +++ b/libgnucash/engine/gnc-pricedb.c @@ -2196,28 +2196,28 @@ gnc_pricedb_nth_price (GNCPriceDB *db, merged currency list. */ GList **price_array = (GList **)g_new(gpointer, num_currencies); GList **next_list; - int i, j; + int i, j, k; GHashTableIter iter; gpointer key, value; /* Build an array of all the currencies this commodity has prices for */ for (i = 0, g_hash_table_iter_init(&iter, currency_hash); g_hash_table_iter_next(&iter, &key, &value) && i < num_currencies; - i++) + ++i) { price_array[i] = value; } - /* Iterate n times to get the nth price, each time finding the currency + /* Iterate up to n times (there are i prices, so going past i will run off the end of the array) to get the nth price, each time finding the currency with the latest price */ - for (i = 0; i <= n; i++) + for (k = 0; k < n && k < i; ++k) { next_list = NULL; - for (j = 0; j < num_currencies; j++) + for (j = 0; j < i; ++j) { /* Save this entry if it's the first one or later than the saved one. */ - if (price_array[j] != NULL && + if (price_array[k] != NULL && (next_list == NULL || *next_list == NULL || compare_prices_by_date((*next_list)->data, (price_array[j])->data) > 0)) { diff --git a/libgnucash/engine/gncEntry.c b/libgnucash/engine/gncEntry.c index 654e7ec4ea..dc6ad8be00 100644 --- a/libgnucash/engine/gncEntry.c +++ b/libgnucash/engine/gncEntry.c @@ -1599,7 +1599,7 @@ int gncEntryCompare (const GncEntry *a, const GncEntry *b) if (a == b) return 0; if (!a && b) return -1; if (a && !b) return 1; - + g_assert (a && b); /* Silence a static analysis warning. */ if (a->date != b->date) return a->date - b->date; if (a->date_entered != b->date_entered) return a->date_entered - b->date_entered; diff --git a/libgnucash/engine/gncTaxTable.c b/libgnucash/engine/gncTaxTable.c index 91752163eb..6159d12858 100644 --- a/libgnucash/engine/gncTaxTable.c +++ b/libgnucash/engine/gncTaxTable.c @@ -722,6 +722,8 @@ static GncTaxTable *gncTaxTableCopy (const GncTaxTable *table) GncTaxTableEntry *entry, *e; entry = list->data; e = gncTaxTableEntryCopy (entry); + /* Clang static analyzer thinks we're leaking e, but we're not. + * We're transferring it to table. */ gncTaxTableAddEntry (t, e); } return t; diff --git a/libgnucash/engine/kvp-value.cpp b/libgnucash/engine/kvp-value.cpp index 5c4addd3d6..bbfedf6aab 100644 --- a/libgnucash/engine/kvp-value.cpp +++ b/libgnucash/engine/kvp-value.cpp @@ -344,6 +344,7 @@ compare(const KvpValueImpl * one, const KvpValueImpl * two) noexcept if (one == two) return 0; if (one && !two) return 1; if (!one && two) return -1; + assert (one && two); /* Silence a static analysis warning. */ return compare(*one, *two); }