build: Silence cppcheck false positive

An upcoming patch will touch gnutls_pkcs11_privkey_init(), which is
sufficient to make the cppcheck portion of CI choke on a false
positive in the unrelated gnutls_pkcs11_privkey_import_url() because
the file becomes interesting again.  cppcheck is not smart enough to
realize that an out-of-scope memory reference stored in a[1] is not
going to be utilized by the later pkcs11_get_attribute_value(..., a,
1) outside the if block; but the solution is as simple as expanding
the scope of tval.

Signed-off-by: Eric Blake <eblake@redhat.com>

diff --git a/lib/pkcs11_privkey.c b/lib/pkcs11_privkey.c
index 3ecd1837b47668976c6791a386af3dab156da6ca..673794ec81089a9fd82206b2c32ed32e239bc5a8 100644 (file)
--- a/lib/pkcs11_privkey.c
+++ b/lib/pkcs11_privkey.c
@@ -515,6 +515,7 @@ gnutls_pkcs11_privkey_import_url(gnutls_pkcs11_privkey_t pkey,
        struct ck_attribute a[4];
        ck_key_type_t key_type;
        ck_bool_t reauth = 0;
+       ck_bool_t tval;
 
        PKCS11_CHECK_INIT;
 
@@ -578,8 +579,7 @@ gnutls_pkcs11_privkey_import_url(gnutls_pkcs11_privkey_t pkey,
 
 
        if (pkey->pk_algorithm == GNUTLS_PK_RSA) { /* determine whether it can do rsa-pss */
-               ck_bool_t tval = 0;
-
+               tval = 0;
                a[0].type = CKA_MODULUS;
                a[0].value = NULL;
                a[0].value_len = 0;