The Static Analysis tool Scan-Build added warning that the left operand of > can be a garbage value in function OpenCoreDebugFiles where aec->sampFreq is used without being initialized.

Very low priority, and causes no problems - garbage values would merely cause either 16000 or random value between 0-15999 to be used as the wav frequency - and this would likely only be able to happen in an error path where no usable debug data would exist. And if the file is corrupted, it's not a problem. That said, ensuring the structure is safely allocated is worthwhile. Though I'd use calloc perhaps instead; and clearing with "sizeof(FooStructure)" is error-prone, such as if the malloc is changed to sizeof(FooBarStructure) or sizeof(FooStructure+N). memset(x, 0, sizeof(*x)) is safer. Also: upstream issue; file a bug at the webrtc.org issue tracker.

Comment on attachment 8691339 [details] [diff] [review] Bug 1227481.diff Review of attachment 8691339 [details] [diff] [review]: ----------------------------------------------------------------- r+ with tweak (sizeof(*aec))

I definitely agree with you, best practice is to use sizeof(*data) in cases when you alloc more memory than the actual size of the type that data points to.