Annotate a Coverity false positive.

The open-vm-tools Coverity scan reports a NULL pointer dereference
for the variable untrustedCerts.  However, untrustedCerts is NULL
only if no untrusted certs are found, in which case the code that
dereferences untrustedCerts isn't executed.

diff --git a/open-vm-tools/vgauth/serviceImpl/verify.c b/open-vm-tools/vgauth/serviceImpl/verify.c
index 1a47c6c1b4263cfe7c8886ee9d13c42682e5f06e..7e5b31d708278c0ea363cf4461755ce353003253 100644 (file)
--- a/open-vm-tools/vgauth/serviceImpl/verify.c
+++ b/open-vm-tools/vgauth/serviceImpl/verify.c
@@ -1,5 +1,5 @@
 /*********************************************************
- * Copyright (C) 2011-2019 VMware, Inc. All rights reserved.
+ * Copyright (C) 2011-2020 VMware, Inc. All rights reserved.
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU Lesser General Public License as published
@@ -305,6 +305,7 @@ ServiceVerifyAndCheckTrustCertChainForSubject(int numCerts,
       numTrusted--;
       leafCert = trustedCerts[0];
       memmove(trustedCerts, &(trustedCerts[1]), sizeof(*trustedCerts) * numTrusted);
+   /* coverity[var_deref_op] */
    } else if (g_strcmp0(pemCertChain[0], untrustedCerts[0]) == 0) {
       numUntrusted--;
       leafCert = untrustedCerts[0];