While looking at a bug I found this issue where we try to cast a pointer to an unsigned int to size_t. That doesn't work except by luck on a little-endian machine, and even there if unsigned int != size_t (32-bit machines) it overwrites other data, so we've also been doubly lucky that whatever was overwritten didn't matter.
I may find other issues, but this was self-contained enough to merit its own patch sent out ASAP.
Simo.
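
The cast described in the message, as an added example that is not part of the original message or its patch: it models the bytes a size_t store places over an unsigned int field, next to the corrected pattern. The names `get_length`, `struct state`, `buggy_store` and `fixed_store` are hypothetical, and the struct is assumed to have no padding between its two fields.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical API: reports a length through a size_t out-parameter. */
static void get_length(size_t *out) { *out = 5; }

/* Hypothetical caller state: the length field and whatever follows it. */
struct state { unsigned int len; unsigned int neighbor; };

/* Models the store made by get_length((size_t *)&s.len): sizeof(size_t)
 * bytes written at the address of len. The write goes through a byte image
 * of the struct so the demonstration itself stays defined behaviour. */
static struct state buggy_store(struct state s)
{
    unsigned char image[sizeof s + sizeof(size_t)] = {0};
    size_t v;

    get_length(&v);
    memcpy(image, &s, sizeof s);
    memcpy(image + offsetof(struct state, len), &v, sizeof v);
    memcpy(&s, image, sizeof s);
    return s;
}

/* Corrected pattern: receive into a real size_t, range-check, then assign. */
static int fixed_store(struct state *s)
{
    size_t v;

    get_length(&v);
    if (v > UINT_MAX)
        return -1; /* value does not fit the narrower field */
    s->len = (unsigned int)v;
    return 0;
}

int main(void)
{
    struct state in = { 0xAAAAAAAAu, 0xBBBBBBBBu }; /* constructed values */
    struct state b = buggy_store(in), f = in;

    fixed_store(&f);
    printf("buggy: len=%u neighbor=%#x\n", b.len, b.neighbor);
    printf("fixed: len=%u neighbor=%#x\n", f.len, f.neighbor);
    return 0;
}
```

Where size_t is wider than unsigned int, the buggy store changes `neighbor`; on a big-endian target of that kind `len` also ends up holding the high half of the value instead of 5.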