At Red Hat, we have recently scanned some of our distribution packages
with a static analyser. The scan revealed a couple of issues in c-ares
-- some of them real bugs, some of them false positives. I am currently
going through the list and fixing them if necessary.
Attached is a first patch - the string was allocated using "length *
sizeof(char *)" where it should probably have said "sizeof(char)".