From 9623500d0d5fd952056c823a3215a57f29ca8cd1 Mon Sep 17 00:00:00 2001
From: "Jerome M. BERGER" <jerome.berger@sagemcom.com>
Date: Tue, 20 Mar 2018 09:34:03 +0100
Subject: [PATCH 1/2] Fix stats for `or` and `and` nodes. Fixes #79.

---
 mpc.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/mpc.c b/mpc.c
index c7e8f6c..c7672a3 100644
--- a/mpc.c
+++ b/mpc.c
@@ -3644,7 +3644,7 @@ static int mpc_nodecount_unretained(mpc_parser_t* p, int force) {
   if (p->type == MPC_TYPE_COUNT) { return 1 + mpc_nodecount_unretained(p->data.repeat.x, 0); }
 
   if (p->type == MPC_TYPE_OR) { 
-    total = 0;
+    total = 1;
     for(i = 0; i < p->data.or.n; i++) {
       total += mpc_nodecount_unretained(p->data.or.xs[i], 0);
     }
@@ -3652,7 +3652,7 @@ static int mpc_nodecount_unretained(mpc_parser_t* p, int force) {
   }
   
   if (p->type == MPC_TYPE_AND) {
-    total = 0;
+    total = 1;
     for(i = 0; i < p->data.and.n; i++) {
       total += mpc_nodecount_unretained(p->data.and.xs[i], 0);
     }

From 1ac37a9ebaa54cc23179d365ce1c41808eb1bf4c Mon Sep 17 00:00:00 2001
From: "Jerome M. BERGER" <jerome.berger@sagemcom.com>
Date: Tue, 20 Mar 2018 09:35:44 +0100
Subject: [PATCH 2/2] Fix a buffer overflow when optimizing `or` nodes. Fixes
 #78.

---
 mpc.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/mpc.c b/mpc.c
index c7672a3..5f0bf25 100644
--- a/mpc.c
+++ b/mpc.c
@@ -3725,7 +3725,7 @@ static void mpc_optimise_unretained(mpc_parser_t *p, int force) {
       n = p->data.or.n; m = t->data.or.n;
       p->data.or.n = n + m - 1;
       p->data.or.xs = realloc(p->data.or.xs, sizeof(mpc_parser_t*) * (n + m -1));
-      memmove(p->data.or.xs + m, t->data.or.xs + 1, n * sizeof(mpc_parser_t*));
+      memmove(p->data.or.xs + m, p->data.or.xs + 1, (n - 1) * sizeof(mpc_parser_t*));
       memmove(p->data.or.xs, t->data.or.xs, m * sizeof(mpc_parser_t*));
       free(t->data.or.xs); free(t->name); free(t);
       continue;