From d056d8e577b43740180f1a7d2295f77c9149d8a1 Mon Sep 17 00:00:00 2001
From: Elliott Sales de Andrade
Date: Tue, 28 Nov 2017 05:03:40 -0500
Subject: [PATCH] Fix array allocation in Index_GetLeaves.

When filling the array, it iterates through `nDimension` elements, but only allocates `nLeafSizes[k]` entries. This causes out-of-bounds access when dimensions are greater than leafs.
---
 src/capi/sidx_api.cc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/capi/sidx_api.cc b/src/capi/sidx_api.cc
index af3bc82..b33ba3f 100644
--- a/src/capi/sidx_api.cc
+++ b/src/capi/sidx_api.cc
@@ -1693,8 +1693,8 @@ SIDX_C_DLL RTError Index_GetLeaves( IndexH index,
 (*nLeafSizes)[k] = (uint32_t)ids.size();
 (*nLeafChildIDs)[k] = (int64_t*) malloc( (*nLeafSizes)[k] * sizeof(int64_t));
- (*pppdMin)[k] = (double*) malloc ( (*nLeafSizes)[k] * sizeof(double));
- (*pppdMax)[k] = (double*) malloc ( (*nLeafSizes)[k] * sizeof(double));
+ (*pppdMin)[k] = (double*) malloc (*nDimension * sizeof(double));
+ (*pppdMax)[k] = (double*) malloc (*nDimension * sizeof(double));
 for (uint32_t i=0; i< *nDimension; ++i) {
 (*pppdMin)[k][i] = b->getLow(i);
 (*pppdMax)[k][i] = b->getHigh(i);
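Review bot: The two resized `malloc` calls for `(*pppdMin)[k]` and `(*pppdMax)[k]` are still unchecked, and the `for` loop directly after them writes `*nDimension` doubles through the results, so an allocation failure becomes a null-pointer write. A guard before the loop such as `if (!(*pppdMin)[k] || !(*pppdMax)[k]) return RT_Failure;` would close that, although buffers allocated for earlier values of `k` would then need releasing on that path, which lies outside this hunk. The `(*nLeafChildIDs)[k]` allocation on the context line above has the same gap. A short comment stating that each bounds array holds `*nDimension` entries rather than `(*nLeafSizes)[k]` would also help, since callers that read these arrays depend on that length; the body of `Index_GetLeaves` starts and ends outside the hunk.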