scan-build is a really cool static analysis tool put together by the clang team. I decided to give it a try on the master branch of daala and it claims to have found 26 bugs. There may be false positives, but I believe that this is worth looking into.
When I run scan-build, here is the output I get:
Ian@kartal:(daala)(master) → scan-build make
scan-build: Using '/usr/local/Cellar/llvm/3.6.2/bin/clang-3.6' for static analysis
(CDPATH="${ZSH_VERSION+.}:" && cd . && /bin/sh /Users/Ian/gg/daala/build-aux/missing autoheader)
rm -f stamp-h1
touch config.h.in
cd . && /bin/sh ./config.status config.h
config.status: creating config.h
/Applications/Xcode.app/Contents/Developer/usr/bin/make all-recursive
Making all in doc
make[2]: Nothing to be done for `all'.
CC src/accounting.lo
CC src/adapt.lo
CC src/entcode.lo
CC src/entdec.lo
CC src/filter.lo
CC src/generic_code.lo
CC src/generic_decoder.lo
CC src/info.lo
CC src/intra.lo
CC src/laplace_decoder.lo
src/laplace_decoder.c:67:5: warning: Value stored to 'sym' is never read
sym = OD_MINI(xs, 15);
^ ~~~~~~~~~~~~~~~
src/laplace_decoder.c:179:47: warning: Division by zero
(int)((256*ex/(ex + 256) + (ex>>5)*ex/((n + 1)*(n - 1)*(n - 1)))));
~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~
src/odintrin.h:84:34: note: expanded from macro 'OD_MINI'
# define OD_MINI(a, b) ((a) ^ (((b) ^ (a)) & -((b) < (a))))
^
2 warnings generated.
CC src/laplace_tables.lo
CC src/logging.lo
CC src/mc.lo
src/mc.c:2511:3: warning: Value stored to 'mvb_sz' is never read
mvb_sz = 1 << ((4 - level) >> 1);
^ ~~~~~~~~~~~~~~~~~~~~~~~
1 warning generated.
CC src/partition.lo
CC src/pvq.lo
CC src/pvq_code.lo
CC src/pvq_decoder.lo
CC src/quantizer.lo
CC src/state.lo
CC src/switch_table.lo
CC src/tf.lo
CC src/util.lo
CC src/zigzag4.lo
CC src/zigzag8.lo
CC src/zigzag16.lo
CC src/zigzag32.lo
CC src/zigzag64.lo
CC src/dct.lo
CC src/internal.lo
CC src/x86/cpu.lo
CC src/x86/sse2dct.lo
CC src/x86/sse41dct.lo
CC src/x86/avx2dct.lo
CC src/x86/sse2filter.lo
CC src/x86/sse2mc.lo
CC src/x86/sse2util.lo
CC src/x86/x86state.lo
CCLD src/libdaalabase.la
CC src/decode.lo
src/decode.c:501:53: warning: The right operand of '+' is a garbage value
pred[bo + i*n + j] = q*pred[bo + i*n + j] + predt[bo + i*n + j];
^ ~~~~~~~~~~~~~~~~~~~
src/decode.c:594:32: warning: The right operand of '+' is a garbage value
pred[0] = pred[0]*dc_quant + predt[0];
^ ~~~~~~~~
src/decode.c:1023:5: warning: Value stored to 'h' is never read
h = frame_height >> ydec;
^ ~~~~~~~~~~~~~~~~~~~~
src/decode.c:1073:13: warning: Value stored to 'h' is never read
h = frame_height >> ydec;
^ ~~~~~~~~~~~~~~~~~~~~
4 warnings generated.
CC src/infodec.lo
CCLD src/libdaaladec.la
CC src/block_size_enc.lo
CC src/encode.lo
src/encode.c:671:21: warning: Function call argument is an uninitialized value
maxval = maxval + abs(c[y*n + x]);
^~~~~~~~~~~~~~~
src/encode.c:778:12: warning: The left operand of '-' is a garbage value
- predt[bo + i*n + j], q);
^
src/odintrin.h:110:29: note: expanded from macro 'OD_DIV_R0'
# define OD_DIV_R0(x, y) (((x) + OD_FLIPSIGNI((((y) + 1) >> 1) - 1, (x)))/(y))
^
src/encode.c:851:27: warning: The left operand of '>>' is a garbage value
t = x[i*stride + j] >> 2;
~~~~~~~~~~~~~~~ ^
src/encode.c:937:18: warning: The left operand of '-' is a garbage value
tmp = x[i] - y[i];
~~~~ ^
src/encode.c:1077:23: warning: The left operand of '-' is a garbage value
if (abs(dblock[0] - predt[0]) < dc_quant*141/256) { /* 0.55 */
~~~~~~~~~ ^
src/encode.c:1109:19: warning: Assigned value is garbage or undefined
scalar_out[0] = dblock[0];
^ ~~~~~~~~~
src/encode.c:2385:5: warning: Value stored to 'h' is never read
h = frame_height >> ydec;
^ ~~~~~~~~~~~~~~~~~~~~
src/encode.c:2443:9: warning: Value stored to 'unfiltered_error' is never read
unfiltered_error = 0;
^ ~
src/encode.c:2444:9: warning: Value stored to 'filtered_error' is never read
filtered_error = 0;
^ ~
9 warnings generated.
CC src/entenc.lo
CC src/generic_encoder.lo
CC src/infoenc.lo
CC src/laplace_encoder.lo
CC src/mcenc.lo
src/mcenc.c:4404:3: warning: Value stored to 'mvg' is never read
mvg = dp->mvg;
^ ~~~~~~~
src/mcenc.c:4416:5: warning: Value stored to 'mvg' is never read
mvg = dp->predicted_mvgs[pi];
^ ~~~~~~~~~~~~~~~~~~~~~~
2 warnings generated.
CC src/pvq_encoder.lo
src/pvq_encoder.c:186:13: warning: The right operand of '+' is a garbage value
xy = xy + x[pos];
^ ~~~~~~
src/pvq_encoder.c:218:13: warning: The right operand of '+' is a garbage value
xy = xy + x[pos];
^ ~~~~~~
src/pvq_encoder.c:685:3: warning: Value stored to 'tell' is never read
tell = 0;
^ ~
3 warnings generated.
CC src/x86/x86enc.lo
CC src/x86/x86mcenc.lo
CCLD src/libdaalaenc.la
CC examples/examples_dump_video-dump_video.o
CCLD examples/dump_video
CC examples/examples_encoder_example-encoder_example.o
CCLD examples/encoder_example
CC examples/examples_player_example-player_example.o
CCLD examples/player_example
CC src/src_tests_dcttest-dct.o
src/dct.c:3252:48: warning: The right operand of '*' is a garbage value
for (i = 0; i < n; i++) t[j] += basis[i][j]*y[i];
^~~~~
src/dct.c:3478:7: warning: Function call argument is an uninitialized value
printf("%8.5f%c", basis[i][j], j == n - 1 ? '\n' : ' ');
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
src/dct.c:3552:33: warning: The left operand of '-' is a garbage value
e[i][j] += (basis[i][k] - tbasis[i][k])*AUTOCORR[k - j + 63];
~~~~~~~~~~~ ^
src/dct.c:3668:38: warning: Assigned value is garbage or undefined
for (u = 0; u < n*2; u++) y[u] = x[u][v];
^ ~~~~~~~
4 warnings generated.
CC src/src_tests_dcttest-internal.o
CC src/x86/src_tests_dcttest-cpu.o
CC src/x86/src_tests_dcttest-sse2dct.o
CC src/x86/src_tests_dcttest-sse41dct.o
CC src/x86/src_tests_dcttest-avx2dct.o
CC src/src_tests_dcttest-filter.o
CCLD src/tests/dcttest
CC src/tests/src_tests_test_32x32-test_32x32.o
CCLD src/tests/test_32x32
CC src/tests/src_tests_ectest-ectest.o
In file included from src/tests/ectest.c:13:
src/tests/../entenc.c:120:31: warning: Call to 'malloc' has an allocation size of 0 bytes
enc->buf = (unsigned char *)malloc(sizeof(*enc->buf)*size);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
src/tests/ectest.c:135:16: warning: Value stored to 'ptr' is never read
if(ft==512)ptr=od_ec_enc_done(&enc,&ptr_sz);
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
2 warnings generated.
CCLD src/tests/ectest
CC src/tests/src_tests_test_coef_coder-test_coef_coder.o
src/tests/test_coef_coder.c:220:3: warning: Function call argument is an uninitialized value
od_ec_dec_init(&dec, buf, buf_sz);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1 warning generated.
CCLD src/tests/test_coef_coder
CC src/tests/src_tests_logging_test-logging_test.o
CCLD src/tests/logging_test
CC src/tests/src_tests_test_divu_small-test_divu_small.o
CCLD src/tests/test_divu_small
CC src/tests/src_tests_check_tests-check_main.o
CC src/tests/src_tests_check_tests-headerencode_test.o
In file included from src/tests/headerencode_test.c:32:
/usr/local/Cellar/check/0.10.0/include/check.h:454:75: warning: token pasting of ',' and __VA_ARGS__
is a GNU extension [-Wgnu-zero-variadic-macro-arguments]
_ck_assert_failed(__FILE__, __LINE__, "Assertion '"#expr"' failed" , ## __VA_ARGS__, NULL)
^
/usr/local/Cellar/check/0.10.0/include/check.h:454:75: warning: token pasting of ',' and __VA_ARGS__
is a GNU extension [-Wgnu-zero-variadic-macro-arguments]
/usr/local/Cellar/check/0.10.0/include/check.h:454:75: warning: token pasting of ',' and __VA_ARGS__
is a GNU extension [-Wgnu-zero-variadic-macro-arguments]
/usr/local/Cellar/check/0.10.0/include/check.h:454:75: warning: token pasting of ',' and __VA_ARGS__
is a GNU extension [-Wgnu-zero-variadic-macro-arguments]
/usr/local/Cellar/check/0.10.0/include/check.h:454:75: warning: token pasting of ',' and __VA_ARGS__
is a GNU extension [-Wgnu-zero-variadic-macro-arguments]
/usr/local/Cellar/check/0.10.0/include/check.h:454:75: warning: token pasting of ',' and __VA_ARGS__
is a GNU extension [-Wgnu-zero-variadic-macro-arguments]
/usr/local/Cellar/check/0.10.0/include/check.h:454:75: warning: token pasting of ',' and __VA_ARGS__
is a GNU extension [-Wgnu-zero-variadic-macro-arguments]
/usr/local/Cellar/check/0.10.0/include/check.h:454:75: warning: token pasting of ',' and __VA_ARGS__
is a GNU extension [-Wgnu-zero-variadic-macro-arguments]
/usr/local/Cellar/check/0.10.0/include/check.h:454:75: warning: token pasting of ',' and __VA_ARGS__
is a GNU extension [-Wgnu-zero-variadic-macro-arguments]
/usr/local/Cellar/check/0.10.0/include/check.h:454:75: warning: token pasting of ',' and __VA_ARGS__
is a GNU extension [-Wgnu-zero-variadic-macro-arguments]
/usr/local/Cellar/check/0.10.0/include/check.h:454:75: warning: token pasting of ',' and __VA_ARGS__
is a GNU extension [-Wgnu-zero-variadic-macro-arguments]
/usr/local/Cellar/check/0.10.0/include/check.h:454:75: warning: token pasting of ',' and __VA_ARGS__
is a GNU extension [-Wgnu-zero-variadic-macro-arguments]
/usr/local/Cellar/check/0.10.0/include/check.h:454:75: warning: token pasting of ',' and __VA_ARGS__
is a GNU extension [-Wgnu-zero-variadic-macro-arguments]
/usr/local/Cellar/check/0.10.0/include/check.h:454:75: warning: token pasting of ',' and __VA_ARGS__
is a GNU extension [-Wgnu-zero-variadic-macro-arguments]
14 warnings generated.
CCLD src/tests/check_tests
clang-3.6: warning: argument unused during compilation: '-pthread'
clang-3.6: warning: argument unused during compilation: '-pthread'
scan-build: 26 bugs found.
scan-build: Run 'scan-view /var/folders/m1/78tf18750v38gm6y6y3dsm700000gn/T/scan-build-2015-10-26-102217-91347-1' to examine bug reports.
The scan-view tool starts up a little web server which displays the code with annotations about what assumptions scan-build makes.
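Added example, not part of the original report or of the daala project: a small Python triage pass over a log like the one above. It separates analyzer findings from compiler diagnostics (the `[-W...]` lines from check.h), so that uninitialized reads and the division by zero are reviewed before dead stores. The bucket names, their priority order and the function names are assumptions of this example.

```python
import posixpath
import re

# Lines copied from the scan-build log above (source-echo and caret lines omitted).
SAMPLE_LOG = """\
src/laplace_decoder.c:67:5: warning: Value stored to 'sym' is never read
src/laplace_decoder.c:179:47: warning: Division by zero
src/decode.c:501:53: warning: The right operand of '+' is a garbage value
src/encode.c:671:21: warning: Function call argument is an uninitialized value
src/encode.c:1109:19: warning: Assigned value is garbage or undefined
src/tests/../entenc.c:120:31: warning: Call to 'malloc' has an allocation size of 0 bytes
/usr/local/Cellar/check/0.10.0/include/check.h:454:75: warning: token pasting of ',' and __VA_ARGS__
is a GNU extension [-Wgnu-zero-variadic-macro-arguments]
clang-3.6: warning: argument unused during compilation: '-pthread'
"""

WARNING = re.compile(r"^([^:\s]+):(\d+):(\d+): warning: (.*)$")
COMPILER_FLAG = re.compile(r"\[-W[\w-]+\]\s*$")
# Triage buckets, highest priority first (the ordering is this example's assumption).
BUCKETS = [
    ("uninitialized-read", re.compile(r"garbage value|uninitialized value|garbage or undefined")),
    ("division-by-zero", re.compile(r"Division by zero")),
    ("zero-size-allocation", re.compile(r"allocation size of 0 bytes")),
    ("dead-store", re.compile(r"Value stored to '.+' is never read")),
]

def parse_findings(log):
    """Return (bucket, file, line, message) for each analyzer warning in the log."""
    lines = log.splitlines()
    findings = []
    for i, text in enumerate(lines):
        m = WARNING.match(text)
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        # Compiler diagnostics carry a [-W...] flag, here wrapped onto the next line.
        wrapped_flag = not WARNING.match(nxt) and COMPILER_FLAG.search(nxt)
        if not m or COMPILER_FLAG.search(text) or wrapped_flag:
            continue  # build progress, driver warning, or compiler diagnostic
        path, line, _col, msg = m.groups()
        bucket = next((name for name, rx in BUCKETS if rx.search(msg)), "other")
        # normpath folds 'src/tests/../entenc.c' back onto 'src/entenc.c'.
        findings.append((bucket, posixpath.normpath(path), int(line), msg))
    return findings

def triage(findings):
    """Drop exact duplicates, then sort by bucket priority and location."""
    order = {name: rank for rank, (name, _) in enumerate(BUCKETS)}
    return sorted(set(findings), key=lambda f: (order.get(f[0], len(order)), f[1], f[2]))

if __name__ == "__main__":
    for bucket, path, line, msg in triage(parse_findings(SAMPLE_LOG)):
        print(f"{bucket:22} {path}:{line}  {msg}")
```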