[dgrunwald]

There are some static analysis tools that can check this.

Cert's SIG30 rule page has a list: https://wiki.sei.cmu.edu/confluence/display/c/SIG30-C.+Call+...

Also there's https://clang.llvm.org/extra/clang-tidy/checks/bugprone/sign...