scan-build
I ran scan-build in the default configuration and of the thousands of pieces of code that it thought looked suspicious, I've picked out these three that I believe could truly use some attention. The first one is a memory safety issue, the second is a memory leak, and the third is just some unnecessary code that clutters the function.