Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
Skip to content

Commit d2495f2

Browse files
hlinnakahlinnaka
committed
Fix bug in to_tsquery().
We were using memcpy() to copy to a possibly overlapping memory region, which is a no-no. Use memmove() instead.
1 parent 9b63e98 commit d2495f2

File tree

1 file changed

+6
-1
lines changed

1 file changed

+6
-1
lines changed

src/backend/tsearch/to_tsany.c

+6-1
Original file line numberDiff line numberDiff line change
@@ -340,6 +340,7 @@ to_tsquery_byid(PG_FUNCTION_ARGS)
340340
if (query->size == 0)
341341
PG_RETURN_TSQUERY(query);
342342

343+
/* clean out any stopword placeholders from the tree */
343344
res = clean_fakeval(GETQUERY(query), &len);
344345
if (!res)
345346
{
@@ -349,6 +350,10 @@ to_tsquery_byid(PG_FUNCTION_ARGS)
349350
}
350351
memcpy((void *) GETQUERY(query), (void *) res, len * sizeof(QueryItem));
351352

353+
/*
354+
* Removing the stopword placeholders might've resulted in fewer
355+
* QueryItems. If so, move the operands up accordingly.
356+
*/
352357
if (len != query->size)
353358
{
354359
char *oldoperand = GETOPERAND(query);
@@ -357,7 +362,7 @@ to_tsquery_byid(PG_FUNCTION_ARGS)
357362
Assert(len < query->size);
358363

359364
query->size = len;
360-
memcpy((void *) GETOPERAND(query), oldoperand, VARSIZE(query) - (oldoperand - (char *) query));
365+
memmove((void *) GETOPERAND(query), oldoperand, VARSIZE(query) - (oldoperand - (char *) query));
361366
SET_VARSIZE(query, COMPUTESIZE(len, lenoperand));
362367
}
363368

0 commit comments

Comments
 (0)