I checked the code with cppcheck (version from git). I also created a GTK config for cppcheck - if you are interested, you could help me fill it in to improve the analysis: https://gist.github.com/scriptum/7282198
cppcheck cannot check GTK programs because glib's design is not heap-friendly: most functions need their memory freed and cppcheck doesn't know about them. In new versions you can specify glib functions in a config (there is an example one), but this is a huge amount of work...
Geany:

    ./cppcheck ../geany --library=gtk `pkg-config --cflags glib-2.0` \
        --max-configs=1 -j32 -q --template=gcc
    [../geany/src/editor.c:4866]: (error) Memory leak: f

This is the one real (return-after-malloc) bug. g_return_if_fail is dangerous: there should be g_goto_end_if_fail and nothing else, to make sure you finish the transaction. You will find a similar leak in the plugins. This is _very_ dangerous because it doesn't look like a macro and hides the return keyword inside it!
Plugins are more interesting: https://gist.github.com/scriptum/7282262
The Treebrowser bugs are false positives, but they appear because of a bad pattern (variable reuse):

    treebrowser_browse(gchar *directory, gpointer parent)
    ...
    directory = g_strconcat(directory, G_DIR_SEPARATOR_S, NULL);
    ...
    g_free(directory);

Next leak, markdown/src/conf.c:457: g_key_file_to_data never returns an error (according to the docs), so this is a false positive, but the useless code could be removed.
Next leak, ../geany-plugins/scope/src/menu.c:461: false positive, but using a pointer after free is a bad pattern.
All the others aren't false positives and should be fixed.
--
Best regards,
Pavel Roschin aka RPG
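
The return-after-malloc leak described in the mail, next to a goto-end version, as an added example that is not code from Geany or from the mail's author. The two macros are stand-ins written for this example (no GLib needed; the real g_return_if_fail also logs a critical message), and live_allocs, tracked_strdup, tracked_free, show_leaky, show_fixed and leaked_by are hypothetical names.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Stand-ins, not GLib: same control flow as g_return_if_fail() minus the
 * critical log, and the g_goto_end_if_fail the mail asks for (hypothetical). */
#define RETURN_IF_FAIL(expr)   do { if (!(expr)) return; } while (0)
#define GOTO_END_IF_FAIL(expr) do { if (!(expr)) goto end; } while (0)
static int live_allocs = 0; /* constructed counter standing in for a leak checker */

static char *tracked_strdup(const char *s)
{
    char *p = malloc(strlen(s) + 1);
    if (p != NULL) { strcpy(p, s); live_allocs++; }
    return p;
}
static void tracked_free(char *p) { if (p != NULL) { free(p); live_allocs--; } }

/* Return-after-malloc: the macro's hidden return skips tracked_free(f). */
static void show_leaky(const char *name, const char *doc)
{
    char *f = tracked_strdup(name);
    RETURN_IF_FAIL(f != NULL);
    RETURN_IF_FAIL(doc != NULL); /* f leaks when doc is NULL */
    printf("%s: %s\n", f, doc);
    tracked_free(f);
}

/* Same checks, but every failure path leaves through the cleanup label. */
static void show_fixed(const char *name, const char *doc)
{
    char *f = tracked_strdup(name);
    GOTO_END_IF_FAIL(f != NULL);
    GOTO_END_IF_FAIL(doc != NULL);
    printf("%s: %s\n", f, doc);
end:
    tracked_free(f);
}

/* Number of allocations still live after calling fn with a failing check. */
static int leaked_by(void (*fn)(const char *, const char *))
{
    int before = live_allocs;
    fn("editor.c", NULL);
    return live_allocs - before;
}

int main(void)
{
    printf("leaky: %d, fixed: %d\n", leaked_by(show_leaky), leaked_by(show_fixed));
    return 0;
}
```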