Sonarcloud not finding obvious C problems

Question

I made a very simple C file just to test the output of sonarcloud when using C code. My entire code is this:

#include <stdio.h>
#include <stdlib.h>

int main() {

 int i;

 for(int j = 0; j < 100; j++) {
    void* unreleasedMemory = malloc(1024);
    printf("Address: %p\n", unreleasedMemory);
 }

 printf("Uninitialized i is: %d", i);
 return 0;

}

When I start a new project on sonarcloud and issue both build-wrapper and sonar-scanner commands like this:

build-wrapper-macosx-x86 --out-dir bw-output cmake .

After that:

sonar-scanner \
-Dsonar.projectKey=ctest \
-Dsonar.organization=<orgname> \
-Dsonar.sources=. \
-Dsonar.cfamily.build-wrapper-output=bw-output \
-Dsonar.host.url=https://sonarcloud.io \
-Dsonar.login=<tokenvalue>

Output of both parameters looks fine. Unfortunately, it doesn't detect these fairly obvious errors:

What am I doing wrong so sonarcloud will pick them up?

Answer 1

Quoting https://docs.sonarqube.org/display/PLUG/Building+on+Mac+OS+X :

Add execution of Build Wrapper as a prefix to the usual build command that you use to build your project (the example below uses xcodebuild, but any build tool that performs a full build can be used)

In other words: all files that should be analyzed must be compiled during execution of build-wrapper. This is needed because build-wrapper watches compiler invocations to gather information about which files are compiled in your project and with which options, then this information is used for analysis during execution of sonar-scanner.

I seriously doubt that your execution of cmake . performs compilation of main.c - it just generates make-files, and thus that's why main.c is actually not analyzed properly.

Execution of

cmake .
build-wrapper-macosx-x86 --out-dir bw-output make clean all

followed by execution of sonar-scanner with -Dsonar.cfamily.build-wrapper-output=bw-output produces desired result: