It's hard to find this sort of thing statically in C code, especially if your static analysis tool is configured to treat C typecasts as necessarily correct because there's no syntax in C for expressing how dangerous a cast you intended, unlike C++. Of course, I don't know whether this code is C or C++.