Fix bug in to_tsquery().

We were using memcpy() to copy to a possibly overlapping memory region,
which is a no-no. Use memmove() instead.

diff --git a/src/backend/tsearch/to_tsany.c b/src/backend/tsearch/to_tsany.c
index 5284c9c714931321d037922068acbcc001a25856..9c5b3a361af295ffb36aa5ef237931fa7e6d4e31 100644 (file)
--- a/src/backend/tsearch/to_tsany.c
+++ b/src/backend/tsearch/to_tsany.c
@@ -342,6 +342,7 @@ to_tsquery_byid(PG_FUNCTION_ARGS)
        if (query->size == 0)
                PG_RETURN_TSQUERY(query);
 
+       /* clean out any stopword placeholders from the tree */
        res = clean_fakeval(GETQUERY(query), &len);
        if (!res)
        {
@@ -351,6 +352,10 @@ to_tsquery_byid(PG_FUNCTION_ARGS)
        }
        memcpy((void *) GETQUERY(query), (void *) res, len * sizeof(QueryItem));
 
+       /*
+        * Removing the stopword placeholders might've resulted in fewer
+        * QueryItems. If so, move the operands up accordingly.
+        */
        if (len != query->size)
        {
                char       *oldoperand = GETOPERAND(query);
@@ -359,7 +364,7 @@ to_tsquery_byid(PG_FUNCTION_ARGS)
                Assert(len < query->size);
 
                query->size = len;
-               memcpy((void *) GETOPERAND(query), oldoperand, VARSIZE(query) - (oldoperand - (char *) query));
+               memmove((void *) GETOPERAND(query), oldoperand, VARSIZE(query) - (oldoperand - (char *) query));
                SET_VARSIZE(query, COMPUTESIZE(len, lenoperand));
        }