No one linter or static analysis tool will pick up every possible error.
cppcheck picks this up (a bit cryptically):
clang-gcc.c:17:72: error: Invalid memcmp() argument nr 3. A non-boolean value is required. [invalidFunctionArgBool]
if (memcmp(m_result_original, m_result_my_version, sizeof(struct tmp)!=0))
PVS-Studio picks it up too (more precisely):
<source>:17:1: error: V526 The 'memcmp' function returns 0 if corresponding buffers are equal. Consider examining the condition for mistakes.
flawfinder doesn't catch anything either. That doesn't mean "cppcheck is better than flawfinder".
The error here is in the programmer relying on one tool as source of truth.
cppcheck picks this up (a bit cryptically):
PVS-Studio picks it up too (more precisely): flawfinder doesn't catch anything either. That doesn't mean "cppcheck is better than flawfinder".The error here is in the programmer relying on one tool as source of truth.