It's just C... maybe just modify the scripts to use clang instead of gcc?
Can Citadel be configured to be compiled with clang? If so, you could
try using clang-address-sanitizer or clang-static-analyzer.
Clang clang clang goes the trolley? I don't think we used any gcc-specific constructs in the code, and if any are found I would be happy to fix that problem.
Citadel has a fairly good security history. Not perfect, but good. Some of that is of course related to the fact that Citadel isn't as widely deployed as some other software. But there *are* people paying attention, and we've done well most of the time.
Go to page: