Did you count the ones I listed not in test code? I probably should have separated them out...
No, I didn't. Now I understand the source of my confusion, thanks.
My account appears to be closed, so I hope you don't mind if I tell you the status of the two new crypt32 reports: 725 NULL_RETURNS Context_CopyProperties crypt32/context.c This one is valid, sort of. The returned property lists might indeed be NULL, but only if a) the app passes a bogus pointer, which will crash on Windows, b) Wine's code passes a bogus pointer, which is a bug elsewhere, or c) memory gets corrupted. As these are all exceptional conditions, I'll introduce an assert.
715 FORWARD_NULL CryptMsgGetAndVerifySigner crypt32/msg.c False positive, though it would be hard for a static analyzer to know it. I believe it's complaining about pdwSignerIndex being dereferenced on line 2848, when it's checked against NULL on line 2827, implying it might be allowed to be NULL. However it's only dereferenced if CMSG_USE_SIGNER_INDEX_FLAG is set, which implies that pdwSignerIndex must not be NULL. --Juan