No one linter or static analysis tool will pick up every possible error.<p>cppcheck picks this up (a bit cryptically):<p><pre><code> clang-gcc.c:17:72: error: Invalid memcmp() argument nr 3. A non-boolean value is required. [invalidFunctionArgBool]
if (memcmp(m_result_original, m_result_my_version, sizeof(struct tmp)!=0))
</code></pre>
PVS-Studio picks it up too (more precisely):<p><pre><code> <source>:17:1: error: V526 The 'memcmp' function returns 0 if corresponding buffers are equal. Consider examining the condition for mistakes.
</code></pre>
flawfinder doesn't catch anything either. That doesn't mean "cppcheck is better than flawfinder".<p>The error here is in the programmer relying on one tool as the source of truth.
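<p>What the flagged line does at run time, as an added example that is not part of the original comment: the quoted condition is set beside the presumably intended one. The layout of struct tmp and the helper make_pair are assumptions, since the comment shows only the one line.

```c
#include <stdio.h>
#include <string.h>

/* Assumed layout: the comment only names struct tmp, it never shows it. */
struct tmp {
    unsigned char tag;
    unsigned char payload[15];
};

#if defined(__clang__)
/* clang may flag the deliberately wrong call below; keep the build quiet. */
#pragma clang diagnostic ignored "-Wmemsize-comparison"
#endif

/* Condition as quoted in the cppcheck output: the closing parenthesis sits
 * after "!=0", so the length passed to memcmp() is (sizeof(struct tmp) != 0),
 * which is 1. Only the first byte of each buffer is compared. */
static int differs_as_written(const struct tmp *m_result_original,
                              const struct tmp *m_result_my_version)
{
    if (memcmp(m_result_original, m_result_my_version, sizeof(struct tmp)!=0))
        return 1;
    return 0;
}

/* Intended condition: compare the whole struct, then test the result. */
static int differs_as_intended(const struct tmp *m_result_original,
                               const struct tmp *m_result_my_version)
{
    return memcmp(m_result_original, m_result_my_version,
                  sizeof(struct tmp)) != 0;
}

/* Constructed sample: two results that differ only at offset byte_index. */
static void make_pair(struct tmp *a, struct tmp *b, size_t byte_index)
{
    memset(a, 0, sizeof *a);
    memset(b, 0, sizeof *b);
    ((unsigned char *)b)[byte_index] = 0xFF;
}

int main(void)
{
    struct tmp a, b;
    make_pair(&a, &b, 8);   /* difference past the first byte */
    printf("as written: %d, as intended: %d\n",
           differs_as_written(&a, &b), differs_as_intended(&a, &b));
    return 0;
}
```

A mismatch anywhere after the first byte goes unreported by the condition as written, so a test built on it passes when the two results differ.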