Julian Taylor (of Debian and Ubuntu fame) suggested using cppcheck to catch those more reliably than a silly grep... unfortunately it crashed on me at 60% through the code base (choked on count.c), but meanwhile it picked up 1 more:
[SUMA/SUMA_MiscFunc.c:9883]: (error) Undefined behavior: Variable 'buf1' is used as parameter and destination in s[n]printf().
It seems to pick up more of the problematic cases (some still might be false positives), which you can review in [www.onerussian.com] (just grep for error and ignore the "Please report this to Cppcheck developers" ones)
Hope this would be of help