Fix bug in to_tsquery().

We were using memcpy() to copy to a possibly overlapping memory region,
which is a no-no. Use memmove() instead.

diff --git a/src/backend/tsearch/to_tsany.c b/src/backend/tsearch/to_tsany.c
index dbcfe814306b3301082b7d3f7e1b0421dcaf09ac..cade548e636b0bf4602114f74ce338c20f592df8 100644 (file)
--- a/src/backend/tsearch/to_tsany.c
+++ b/src/backend/tsearch/to_tsany.c
@@ -342,6 +342,7 @@ to_tsquery_byid(PG_FUNCTION_ARGS)
        if (query->size == 0)
                PG_RETURN_TSQUERY(query);
 
+       /* clean out any stopword placeholders from the tree */
        res = clean_fakeval(GETQUERY(query), &len);
        if (!res)
        {
@@ -351,6 +352,10 @@ to_tsquery_byid(PG_FUNCTION_ARGS)
        }
        memcpy((void *) GETQUERY(query), (void *) res, len * sizeof(QueryItem));
 
+       /*
+        * Removing the stopword placeholders might've resulted in fewer
+        * QueryItems. If so, move the operands up accordingly.
+        */
        if ( len != query->size ) {
                char            *oldoperand = GETOPERAND(query);
                int4 lenoperand = VARSIZE(query) - (oldoperand - (char*)query);
@@ -358,7 +363,7 @@ to_tsquery_byid(PG_FUNCTION_ARGS)
                Assert( len < query->size );
 
                query->size = len;
-               memcpy((void *) GETOPERAND(query), oldoperand, VARSIZE(query) - (oldoperand - (char*)query) );
+               memmove((void *) GETOPERAND(query), oldoperand, VARSIZE(query) - (oldoperand - (char*)query) );
                SET_VARSIZE(query, COMPUTESIZE( len, lenoperand )); 
        }