The Clang project features a useful tool for analyzing source code statically, see http://clang-analyzer.llvm.org/scan-build.html .

A simple way to run it on Zabbix source code is as follows:

$ apt-get install clang
$ export CC=clang
$ scan-build ./configure ...
$ scan-build make -s -j4

The tool produces a report viewable within a Web browser. Currently, it lists around 17 bugs, mostly having to do with dead stores (unused values).

We might also with to perform static analysis as part of our unit test framework.