Change condition to avoid spurious compiler complaints.

X509_TRUST_get0() is checking < 0, the code here was checking == -1.  Both are
equivalent in this situation but gcc-12 has conniptions about a subsequent
possible NULL dereference (which isn't possible).

Fixes #17665

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17668)

diff --git a/crypto/x509/x509_trust.c b/crypto/x509/x509_trust.c
index e71db0c9a1cf24336c3d7450088c6aca8140c800..bf674737f894ea2677e112024a50f34d1365a9f5 100644 (file)
--- a/crypto/x509/x509_trust.c
+++ b/crypto/x509/x509_trust.c
@@ -134,7 +134,7 @@ int X509_TRUST_add(int id, int flags, int (*ck) (X509_TRUST *, X509 *, int),
     /* Get existing entry if any */
     idx = X509_TRUST_get_by_id(id);
     /* Need a new entry */
-    if (idx == -1) {
+    if (idx < 0) {
         if ((trtmp = OPENSSL_malloc(sizeof(*trtmp))) == NULL) {
             ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE);
             return 0;