base/keysz.c: Fix bogus pointer dereference on wide-arg key size lists.

I must have been seriously short on brain that day.

diff --git a/base/keysz.c b/base/keysz.c
index 48c965e..8e5e2ca 100644 (file)
--- a/base/keysz.c
+++ b/base/keysz.c
@@ -56,7 +56,7 @@ size_t keysz(size_t sz, const octet *ksz)
   unsigned t, u, v;
 
   ksz++;
-#define ARG(i) (wd == 1 ? ksz[i] : LOAD16(2*i))
+#define ARG(i) (wd == 1 ? ksz[i] : LOAD16(ksz + 2*i))
   if (sz == 0)
     return (ARG(0));
   else switch (op) {