C/C++ bugs detection performance

Hello @francois14,

Welcome to the community!

I think you are misusing the tool in the sense that you are not using a real-life scenario.

All the issues that you are expecting relate to rules with the symbolic-execution tag. Quoting the documentation:

symbolic-execution: this tag is for rules that reason about the state of the program. They usually work together to find path sensitive bugs and vulnerabilities. Once a fatal state of the program is reached, one issue will be raised and the symbolic execution analysis of the current path will stop. For that reason, it is not recommended to evaluate these rules independently of each other as it might give a false sense of undetected issues.

Now in your example, after the first bug, you reach an undefined behavior. The rest of the code will not be executed, so it doesn’t make sense to reason about the state of your program since it will not be reached.

If you want to make sure that these issues are detectable by the analyzer, I would suggest you split the example and put every undefined behavior/bug in a separate function. This way every bug can be reachable and they will all be reported.

Note: If you have two consecutive undefined behaviors in your actual code, the first one will be reported. The second one will be reported if you fix the first one without fixing the second.

Let me know if you have further questions.

Thanks,

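The split suggested in the reply above, as an added example that is not part of the original thread or of the analyzer's documentation. The original poster's code is not shown on this page, so the function names and the two defects chosen (a NULL dereference followed by a division by zero) are assumptions made for illustration.

```c
/* Constructed analyzer test file: every function name here is hypothetical. */
#include <stdio.h>
#include <stdlib.h>

/* Both defects sit on the same path (trigger != 0). Per the documentation
 * quoted above, analysis of that path stops at the first fatal state, so
 * defect 2 is not reasoned about until defect 1 is fixed. */
int combined(int trigger) {
    int value = 7;
    int *q = trigger ? NULL : &value;
    int divisor = trigger ? 0 : 1;
    int r = *q;           /* defect 1: NULL dereference when trigger != 0 */
    r += 10 / divisor;    /* defect 2: division by zero, after defect 1 */
    return r;
}

/* Split form: one defect per function, so each has its own reachable path. */
int only_null_deref(int trigger) {
    int value = 7;
    int *q = trigger ? NULL : &value;
    return *q;            /* defect 1 alone */
}

int only_div_by_zero(int trigger) {
    int divisor = trigger ? 0 : 1;
    return 10 / divisor;  /* defect 2 alone */
}

/* The defective paths are never executed here; only trigger == 0 is run. */
int main(void) {
    printf("%d %d %d\n", combined(0), only_null_deref(0), only_div_by_zero(0));
    return 0;
}
```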