One warns about using system() which we only use in test code (we're all adults):
src/fish_tests.cpp:2015:9: warning: calling 'system' uses a command processor [cert-env33-c]
if (system("mkdir -p test/fish_expand_test/bb/")) err(L"mkdir failed");
Some conversion warnings that don't seem very useful:
src/input_common.cpp:181:20: warning: 'signed char' to 'wint_t' (aka 'unsigned int') conversion; consider casting to 'unsigned char' first. [cert-str34-c]
wint_t b = evt.get_char();
Warning about varargs doesn't make sense, because some of our functions use std::vswprintf() internally.
src/ast.cpp:486:10: warning: do not define a C-style variadic function; consider using a function parameter pack or currying instead [cert-dcl50-cpp]
void internal_error(const char *func, const wchar_t *fmt, ...) const {
Finally, what seems like a false positive; "va" is initialized by va_copy:
src/common.cpp:468:18: warning: Function 'vswprintf' is called with an uninitialized va_list argument [clang-analyzer-valist.Uninitialized]
status = std::vswprintf(buff, size / sizeof(wchar_t), format, va);
