A better fix for oss-fuzz 1465.

git-svn-id: svn://vcs.exim.org/pcre2/code/trunk@779 6239d852-aaf2-0410-a92c-79f79f948069
author: ph10 <ph10@6239d852-aaf2-0410-a92c-79f79f948069> 2017-05-11 16:28:54 +0000
committer: ph10 <ph10@6239d852-aaf2-0410-a92c-79f79f948069> 2017-05-11 16:28:54 +0000
commit: 25aebdd07fb4de49d00d037586fb1770177662cc (patch)
tree: e742222c8df096ad53c8d36b01173ef53f2af22a /src/pcre2_match.c
parent: 1b312f3e3ce8b9b1974e26f39b0ffd3fe87825ed (diff)
download: pcre2-25aebdd07fb4de49d00d037586fb1770177662cc.tar.gz
1 files changed, 3 insertions, 2 deletions
diff --git a/src/pcre2_match.c b/src/pcre2_match.c
index 373ee9e..87def5e 100644
--- a/src/pcre2_match.c
+++ b/src/pcre2_match.c
@@ -189,7 +189,7 @@ end of the backtrack frame, but when there are capturing parentheses the space
 allocated is bigger so we want to be able to address more elements. Without the 
 case, -fsanitize=undefined grumbles at this. */
 
-#define Fovector           ((PCRE2_SIZE *)(F->ovector))
+#define Fovector           F->ovector
 
 
 #ifdef DEBUG_FRAMES_DISPLAY
@@ -6281,7 +6281,8 @@ The last of these is changed within the match() function if the frame vector
 has to be expanded. We therefore put it into the match block so that it is
 correct when calling match() more than once for non-anchored patterns. */
 
-frame_size = sizeof(heapframe) + ((re->top_bracket - 1) * 2 * sizeof(PCRE2_SIZE));
+frame_size = offsetof(heapframe, ovector) + 
+  re->top_bracket * 2 * sizeof(PCRE2_SIZE);
 
 /* Limits set in the pattern override the match context only if they are
 smaller. */
author	ph10 <ph10@6239d852-aaf2-0410-a92c-79f79f948069>	2017-05-11 16:28:54 +0000
committer	ph10 <ph10@6239d852-aaf2-0410-a92c-79f79f948069>	2017-05-11 16:28:54 +0000
commit	25aebdd07fb4de49d00d037586fb1770177662cc (patch)
tree	e742222c8df096ad53c8d36b01173ef53f2af22a /src/pcre2_match.c
parent	1b312f3e3ce8b9b1974e26f39b0ffd3fe87825ed (diff)
download	pcre2-25aebdd07fb4de49d00d037586fb1770177662cc.tar.gz