We get quite a many clang analyzer warnings from the code generated by tolua. What we can do to reduce the spam, is to fix these issues in our included tolua (and submit those fixes to upstream, too), and use it for clang analyzer runs - or even by default, as it's then going to produce safer code than upstream. (Note: Latest upstream release is about ten years old, and e.g. Debian and derivatives are shipping even older version)
Some warnings seem to still be coming from the generated code, even with the patch from here. Regardless, plan to go forward with what we already have, as it's at least clear improvement. Will leave rest to a future ticket.
We get quite a many clang analyzer warnings from the code generated by tolua. What we can do to reduce the spam, is to fix these issues in our included tolua (and submit those fixes to upstream, too), and use it for clang analyzer runs - or even by default, as it's then going to produce safer code than upstream. (Note: Latest upstream release is about ten years old, and e.g. Debian and derivatives are shipping even older version)