Fix bug in to_tsquery().

We were using memcpy() to copy to a possibly overlapping memory region,
which is a no-no. Use memmove() instead.

diff --git a/src/backend/tsearch/to_tsany.c b/src/backend/tsearch/to_tsany.c
index e26f73984c780b822f1ae73964e76afa8517b6f3..fe9a43c1796f4b5c44bbf08cd7c31fe5fab7a72a 100644 (file)
--- a/src/backend/tsearch/to_tsany.c
+++ b/src/backend/tsearch/to_tsany.c
@@ -342,6 +342,7 @@ to_tsquery_byid(PG_FUNCTION_ARGS)
        if (query->size == 0)
                PG_RETURN_TSQUERY(query);
 
+       /* clean out any stopword placeholders from the tree */
        res = clean_fakeval(GETQUERY(query), &len);
        if (!res)
        {
@@ -351,6 +352,10 @@ to_tsquery_byid(PG_FUNCTION_ARGS)
        }
        memcpy((void *) GETQUERY(query), (void *) res, len * sizeof(QueryItem));
 
+       /*
+        * Removing the stopword placeholders might've resulted in fewer
+        * QueryItems. If so, move the operands up accordingly.
+        */
        if (len != query->size)
        {
                char       *oldoperand = GETOPERAND(query);
@@ -359,7 +364,7 @@ to_tsquery_byid(PG_FUNCTION_ARGS)
                Assert(len < query->size);
 
                query->size = len;
-               memcpy((void *) GETOPERAND(query), oldoperand, VARSIZE(query) - (oldoperand - (char *) query));
+               memmove((void *) GETOPERAND(query), oldoperand, VARSIZE(query) - (oldoperand - (char *) query));
                SET_VARSIZE(query, COMPUTESIZE(len, lenoperand));
        }