- Checking for NULL pointers or parameters in your functions
- Out-of-bounds indexing or buffer overflows, for example in array indexes in 'for' loops
- Local variable scope masking other scopes
To make code analysis work with Visual Studio, for example VS2005, I set up this batch file:

rem devenv-prefast.bat
call "C:\Program Files\Windows SDK\v6.1\vcvars32.bat"
rem The empty "" is the window title; without it, start takes the quoted path as the title.
start "" "C:\Program Files\Microsoft Visual Studio 8.0\VC\Common7\IDE\devenv.exe" /UseEnv

This uses the PATH, INCLUDE, and LIB settings from vcvars32.bat in the Visual Studio environment. Then you add /analyze to the Project -> C/C++ Command line options, and it does the static code analysis.
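The three defect classes listed above, each shown beside a hardened form, as an added example that is not from the original page. The function names, `SLOTS` and the `SHOW_FLAWED` macro are hypothetical; the flawed versions are compiled only when `SHOW_FLAWED` is defined, so they serve as analyzer input and are never run.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

#define SLOTS 8

#ifdef SHOW_FLAWED /* analyzer input only: cl /analyze /DSHOW_FLAWED /c example.c */
char *dup_flawed(const char *s) {
    char *p = malloc(strlen(s) + 1);
    strcpy(p, s);                 /* p may be NULL: MSVC warning C6011 */
    return p;
}
int fill_flawed(void) {
    int slots[SLOTS], i;
    for (i = 0; i <= SLOTS; i++)  /* i == SLOTS is out of range: C6201/C6386 */
        slots[i] = i;
    return slots[0];
}
int count_neg_flawed(const int *v, int n) {
    int count = 0, i;
    for (i = 0; i < n; i++)
        if (v[i] < 0) { int count = 0; count++; }  /* hides outer count: C6246 */
    return count;                 /* always 0 */
}
#endif

/* Hardened: reject NULL input and check the allocation before using it. */
char *dup_checked(const char *s) {
    char *p;
    if (s == NULL) return NULL;
    p = malloc(strlen(s) + 1);
    if (p != NULL) strcpy(p, s);
    return p;
}
/* Hardened: the bound is the element count, so the last index is n - 1. */
int fill_checked(int *slots, size_t n) {
    size_t i;
    if (slots == NULL) return -1;
    for (i = 0; i < n; i++) slots[i] = (int)i;
    return 0;
}
/* Hardened: a single 'count', so every increment reaches the return value. */
int count_neg_checked(const int *v, int n) {
    int count = 0, i;
    if (v == NULL) return 0;
    for (i = 0; i < n; i++)
        if (v[i] < 0) count++;
    return count;
}
```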
 
