From 0b1ee9b5a3b56724b4ee23dbbfb083b540aed8e4 Mon Sep 17 00:00:00 2001
From: Teodor Sigaev <teodor@sigaev.ru>
Date: Mon, 22 Sep 2003 13:32:33 +0000
Subject: [PATCH] fix hlfinditem function. Thanks to "Stphane Bidoul"
 <stephane.bidoul@softwareag.com>.

The 'word' variable there is initialised from
the prs->words array, but immediately after,
that array may be reallocated, thus leaving
word pointing to unallocated memory.
---
 contrib/tsearch2/expected/tsearch2.out | 10 +++++-----
 contrib/tsearch2/ts_cfg.c              |  3 ++-
 2 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/contrib/tsearch2/expected/tsearch2.out b/contrib/tsearch2/expected/tsearch2.out
index 8571e59bbb1..bdcdd952cf6 100644
--- a/contrib/tsearch2/expected/tsearch2.out
+++ b/contrib/tsearch2/expected/tsearch2.out
@@ -2056,11 +2056,11 @@ An hour of storm to place
 The sculpture of these granite seams,
 Upon a woman s face. E.  J.  Pratt  (1882 1964)
 ', to_tsquery('granite&sea'));
-                                           headline                                           
-----------------------------------------------------------------------------------------------
- <b>sea</b> an hour one night
-An hour of storm to place
-The sculpture of these <b>granite</b>
+                                             headline                                             
+--------------------------------------------------------------------------------------------------
+ <b>sea</b> a thousand years,
+A thousand years to trace
+The <b>granite</b> features of this cliff
 (1 row)
 
  
diff --git a/contrib/tsearch2/ts_cfg.c b/contrib/tsearch2/ts_cfg.c
index ad06d90d9ab..1d3ca86a095 100644
--- a/contrib/tsearch2/ts_cfg.c
+++ b/contrib/tsearch2/ts_cfg.c
@@ -360,7 +360,7 @@ hlfinditem(HLPRSTEXT * prs, QUERYTYPE * query, char *buf, int buflen)
 {
 	int			i;
 	ITEM	   *item = GETQUERY(query);
-	HLWORD	   *word = &(prs->words[prs->curwords - 1]);
+	HLWORD	   *word;
 
 	while (prs->curwords + query->size >= prs->lenwords)
 	{
@@ -368,6 +368,7 @@ hlfinditem(HLPRSTEXT * prs, QUERYTYPE * query, char *buf, int buflen)
 		prs->words = (HLWORD *) repalloc((void *) prs->words, prs->lenwords * sizeof(HLWORD));
 	}
 
+	word = &(prs->words[prs->curwords - 1]);
 	for (i = 0; i < query->size; i++)
 	{
 		if (item->type == VAL && item->length == buflen && strncmp(GETOPERAND(query) + item->distance, buf, buflen) == 0)
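Review bot: The relocated `word = &(prs->words[prs->curwords - 1]);` has no comment saying why it must follow the growth loop, so a later cleanup could hoist it back into the declaration and reintroduce the dangling pointer. I would add `/* take the pointer only after repalloc(): prs->words may have moved */` directly above it. The expression also forms `&prs->words[-1]` when `prs->curwords` is 0, and nothing visible in these hunks rules that out. If callers do not guarantee that at least one word is already stored, `Assert(prs->curwords > 0);` before the assignment would make the precondition explicit. The body of hlfinditem continues past the end of this hunk, so how `word` is used afterwards is not visible here.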
-- 
GitLab