I wrote: > Now I'd like to try CHERI on packages like gettext, and see whether > it finds bugs that neither valgrind nor the gcc bounds-checking options > can detect.
Did that. Indeed, CHERI found a memory overrun bug that valgrind had not found [1]. Just by running "make check" after configuring the package with CC=cc CFLAGS=-ggdb Bruno [1] https://git.savannah.gnu.org/gitweb/?p=gettext.git;a=commitdiff;h=c567dde0c0af8bb95b122cd989077b00e23f57e1
