> This was caught via static analysis (clang asan), which I can definitely > recommend.
Small nitpick: ASan (and the other sanitizers) are *dynamic* analyzers, as they happen during runtime. Static analysis is analyzing without executing anything. Examples of static analyzers would be clang-tidy or cppcheck. Newer GCC versions also have a `-fanalyzer` flag for statically analyzing C code, but in my experience it's not mature yet - but the direction looks promising. - NRK
