Please consider scanning pipewire regularly using Coverity scan
Since pipewire is planned to be a critical Linux plumbing component, please consider setting up regular Coverity Scans on the code. The service is free for OSS projects:
Ideally, it would be great to configure it as part of the pipewire CI (it integrates with GH and Travis atleast - see https://scan.coverity.com/faq).
cppcheck
et al are good, and gcc and clang static analysis checks are getting better, but from my experiences Coverity finds bugs no other (free) tooling does.
FTR, pulseaudio appears to use Coverity and ooi there is https://scan.coverity.com/projects/qarmin-pipewire (not related to this project it seems