From f738675f1d857917e54751961da28d7e5aaaf440 Mon Sep 17 00:00:00 2001
From: Arseny Kapoulkine
Date: Sun, 26 Jul 2015 21:04:52 -0700
Subject: Fix two UB sanitizer false positives

Change the expression to reference the array element indirectly. The memory block can be bigger than the structure so it's invalid to use static data[] size for bounds checking.
---
 src/pugixml.cpp | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'src/pugixml.cpp')

diff --git a/src/pugixml.cpp b/src/pugixml.cpp
index b3195f7..07f3a33 100644
--- a/src/pugixml.cpp
+++ b/src/pugixml.cpp
@@ -7305,7 +7305,7 @@ PUGI__NS_BEGIN
 if (_root_size + size <= _root->capacity)
 {
- void* buf = _root->data + _root_size;
+ void* buf = &_root->data[0] + _root_size;
 _root_size += size;
 return buf;
 }
@@ -7355,7 +7355,7 @@ PUGI__NS_BEGIN
 new_size = (new_size + xpath_memory_block_alignment - 1) & ~(xpath_memory_block_alignment - 1);
 // we can only reallocate the last object
- assert(ptr == 0 || static_cast(ptr) + old_size == _root->data + _root_size);
+ assert(ptr == 0 || static_cast(ptr) + old_size == &_root->data[0] + _root_size);
 // adjust root size so that we have not allocated the object at all
 bool only_object = (_root_size == old_size);
-- 
cgit v1.2.3
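Review bot: The reason for spelling the pointer as `&_root->data[0] + _root_size` rather than `_root->data + _root_size` is recorded only in the commit message, not next to either changed line, so a routine cleanup (clang-tidy's readability-simplify-subscript-expr rewrites exactly this form back to `_root->data`) would silently reintroduce the sanitizer report; add a comment above the first changed line, `// &data[0] rather than data: the block is allocated larger than the struct, so the array-bounds sanitizer would flag data + offset against data's declared size`, and the same applies to the assert in the second hunk. Note that this only changes what the bounds sanitizer can see—the resulting pointer still walks past the declared extent of `data` and relies on the over-allocation—so the `_root->capacity` comparison just above the first change and the assert in the second hunk remain the only runtime bounds, and the capacity check is worth keeping adjacent to the arithmetic. In this rendering `static_cast(ptr)` appears to have lost its template argument, presumably `<char*>` stripped as markup; nothing to change in the code. Both enclosing functions start and end outside their hunks.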