Update to the latest ast/ksh93 github commit. From their commit log:
Coverity Out-of-bounds read
This Coverity Scan issue appears to be a false positive.
This change is a reformulation of the code that attempts
to both clarify the behavior and suppress the false positive
error.
Coverity CID#316729