Apache HTTP Server project continues to develop, and so does PVS-Studio analyzer, growing even more powerful with every new version. Let's see what we've got this time: http://www.viva64.com/en/b/0427/
For the records and to give credit to your static analyzer, the "Suspicious expression" has been fixed in r1797550 and is recorded as a CVE (CVE-2017-7679) "Incorrect check for an empty string" has been fixed in r1812307 and is now also spotted by gcc 8.1+ "Incrementing a pointer instead of the value" is a mystery to me. This code does not seem to be there anymore! "Incorrect password clearing" is recorded as bug 58921. "Uninitialized variable" is part of APR, not httpd itself. I'll apply a fix for that. "Incorrect check of HRESULT" is fixed in r1832198. "Superfluous operation?" is fixed in r1832200. "Redundant condition" is fixed in r1832202. Thanks for the report. This should have help us close a potential security issue much earlier :( Anyway, any new analysis would be appreciated.
*** Bug 60903 has been marked as a duplicate of this bug. ***