bug-ncurses

static analysis run on ncurses 5.6


From: Larry Zhou
Subject: static analysis run on ncurses 5.6
Date: Wed, 30 Jul 2008 17:34:46 -0700

Hi Thomas,


I have run the static analysis tool Klocwork on ncurses 5.6, as part of the MySQL code base.
(For more info about Klocwork, click www.klocwork.com.)

The very first one I can see is this one.

155 tinfo/captoinfo.c
where there might be an overrun on the boundary.

stackptr could be 16 at line 152; then it goes to the else clause, which is where it is 1 over the boundary at stack[16].

The fix is easy: line 152, from > to >=.


The report generates 252 warnings; among them, 100 are memory allocation related. When you use malloc, it might return 0,
so you cannot just dereference it without checking against null.
Of course there are lots of false positives to weed through.

Are you interested in this FREE report? If so, I can send it your way.

Thanks,

Larry
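
Added example, not part of the original message and not ncurses source: a small C model of the bounds check described above, showing why `>` admits a write to index 16 of a 16-element stack and why `>=` refuses it. The names `STACK_SIZE`, `struct model`, `push_reported`, `push_fixed` and the guard value are assumptions made for this illustration; the backing array carries one extra guard slot so the stray write can be observed without undefined behaviour.

```c
#include <stdio.h>

#define STACK_SIZE 16          /* logical capacity: valid indices are 0..15 */
#define CANARY     0x5AFEC0DE  /* constructed guard value, never pushed */

/* slots[STACK_SIZE] is a guard standing in for whatever follows the real
 * array in memory; a correct push never touches it. Hypothetical layout,
 * not the ncurses one. */
struct model {
    int slots[STACK_SIZE + 1];
    int stackptr;
};

/* Check as reported: with stackptr == 16, "16 > 16" is false, so the store runs. */
static int push_reported(struct model *m, int v)
{
    if (m->stackptr > STACK_SIZE)
        return 0;
    m->slots[m->stackptr++] = v;
    return 1;
}

/* Check with the proposed fix: stackptr == 16 is refused before the store. */
static int push_fixed(struct model *m, int v)
{
    if (m->stackptr >= STACK_SIZE)
        return 0;
    m->slots[m->stackptr++] = v;
    return 1;
}

/* Push n values; return 1 if the guard slot survived, 0 if it was overwritten. */
static int guard_intact_after(int (*push)(struct model *, int), int n)
{
    struct model m = { .stackptr = 0 };
    m.slots[STACK_SIZE] = CANARY;
    for (int i = 0; i < n; i++)
        (void)push(&m, i + 1);
    return m.slots[STACK_SIZE] == CANARY;
}

int main(void)
{
    printf("'>'  check, 17 pushes: guard intact = %d\n", guard_intact_after(push_reported, 17));
    printf("'>=' check, 17 pushes: guard intact = %d\n", guard_intact_after(push_fixed, 17));
    return 0;
}
```

The 17th push is the only one the two checks treat differently, which is why a test at exactly capacity plus one is the case worth adding alongside the fix.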
