Update to the latest ast/ksh93 github commit. From their commit log:

Coverity Out-of-bounds read

This Coverity Scan issue appears to be a false positive.
This change is a reformulation of the code that attempts
to both clarify the behavior and suppress the false positive
error.

Coverity CID#316729