I’ve had Claws-Mail added to Coverity’s scanner. The first result is: 0.30 reports per 1000 lines of code. This is quite good I think, although these metrics aren’t a holy grail and static checking doesn’t catch everything.
There are 91 reports to look at, which I’ll start doing tomorrow evening – I’ll be alone at home this week, will use this time to bugfix!
Update: 6 reports remain, which are false positives. The fixed problems were mainly resource leaks (either fds or memory allocations), missing NULL checks when dereferencing pointers — most of them harmless but good to have fixed anyway, and uninitialized variables. No horrible bug was found by Coverity’s scanner, just corner cases. I’ve also run some external plugins through it, and most of them are rather clean, with the exception of VCalendar, where most reports are due to libical which uses an apparently confusing memory allocation/free scheme.