The analyzer has detected a strange construct, which implied freeing memory for an arbitrary number of pointers, but only the first one will be freed.
delete p1, p2;
It could have been written by an unskillful programmer or a programmer who has not dealt with C++ for a long time. At first you might think that this code deletes two objects whose addresses are stored in the pointers 'p1' and 'p2'. But actually we have two operators here: one is 'delete', the other is the comma operator ','.
The 'delete' operator is executed first, and then the ',' operator returns the value of the second argument (i.e. 'p2').
In other words, this construct is identical to this one: (delete p1), p2;
The correct code should look like this:
delete p1; delete p2;
Note. The analyzer won't generate the warning if the comma operator is used deliberately for certain purposes. Here's an example of safe code:
if (x) delete p, p = nullptr;
After deleting the object, the pointer is set to null. The ',' operator is used to unite the two operations so that one doesn't have to use curly braces.
According to Common Weakness Enumeration, potential errors found by using this diagnostic are classified as CWE-401.