Coverity string_null false positive cannot be suppressed at the source


I have a C function that Coverity incorrectly flags as a string_null_source (i.e., the source of a non-null-terminated string). I'm asking for help in suppressing the error at the source. Some error checks are elided below.

#include <stdio.h>
#include <stdlib.h>

int
source_func(const char *filename, char **contents)
{
    FILE *fp;
    int length, read_len;
    int rc = 0;

    fp = fopen(filename, "r");
    /* ... error checking ... */

    /* Seek to the end so that ftell() reports the file length */
    fseek(fp, 0L, SEEK_END);
    length = ftell(fp);
    /* ... error checking ... */

    if (length == 0) {
        *contents = NULL;
    } else {
        /* One extra zeroed byte is left for the terminator */
        *contents = calloc(length + 1, sizeof(char));
        /* ... error checking ... */
        rewind(fp);

        read_len = fread(*contents, 1, length, fp);
        /* ... error checking ... */
    }

bail:
    if (fp != NULL) {
        fclose(fp);
    }
    return rc;
}

Coverity identifies this function as a string_null_source because Function "fread" does not terminate string "*contents". However, the array was created by calloc(), which sets every byte to 0. So it's inherently null-terminated when we call fread() with one byte less than the array size.

The problem is that I can't get Coverity to stop throwing a string_null error when the caller passes *contents to another function that expects a null-terminated string:

static bool
caller(xmlNode *root, const char *sigfile)
{
    bool passed = FALSE;
    char *expected;
    int rc = source_func(sigfile, &expected);

    /* ... ensure rc == 0, which implies that expected is null-terminated ... */

    passed = target_func(root, expected);
    free(expected);
    return passed;
}

Coverity complains: Event string_null: Passing unterminated string "expected" to "target_func", which expects a null-terminated string, and identifies source_func() as the source.


I'm asking for help in suppressing the error. I've tried the following:

  • Adding // coverity[string_null_source:FALSE] (and // coverity[string_null_source:SUPPRESS]) above the fread() line
  • Adding // coverity[-string_null_taint:arg-1] above the source_func() definition

In each case, the error still appears in the analysis results.

I need to suppress the false positive at the source_func() level. There may be many callers, and I should not have to add // coverity[string_null:FALSE] annotations at each caller.
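
An added example, not part of the original question and not the poster's code: the same read pattern with the terminator written explicitly at the number of bytes fread() returned, so the invariant no longer depends on calloc()'s zero fill and still holds on a short read. The names read_terminated and roundtrip_matches and the sample data are hypothetical, and it is an assumption, not something this page confirms, that Coverity stops reporting string_null_source once the terminator is explicit.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Read all of fp into a freshly allocated, NUL-terminated buffer.
 * Returns 0 on success (*contents is NULL for an empty file), -1 on error. */
int read_terminated(FILE *fp, char **contents)
{
    long length;
    size_t read_len;

    *contents = NULL;
    if (fseek(fp, 0L, SEEK_END) != 0 || (length = ftell(fp)) < 0) {
        return -1;
    }
    if (length == 0) {
        return 0;
    }
    *contents = calloc((size_t) length + 1, sizeof(char));
    if (*contents == NULL) {
        return -1;
    }
    rewind(fp);
    read_len = fread(*contents, 1, (size_t) length, fp);
    if (ferror(fp)) {
        free(*contents);
        *contents = NULL;
        return -1;
    }
    /* read_len <= length, so this index is always inside the buffer.
     * The terminator is stated in the code rather than implied by calloc(). */
    (*contents)[read_len] = '\0';
    return 0;
}

/* Constructed check: write data to a temporary file, read it back, compare. */
int roundtrip_matches(const char *data)
{
    FILE *fp = tmpfile();
    char *out = NULL;
    int ok;

    if (fp == NULL) return 0;
    fputs(data, fp);
    ok = read_terminated(fp, &out) == 0
         && (data[0] == '\0' ? out == NULL : (out != NULL && strcmp(out, data) == 0));
    free(out);
    fclose(fp);
    return ok;
}
```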
