Fix crash of to_tsvector() function on huge input: compareWORD()

author Teodor Sigaev <[email protected]>

Wed, 26 Sep 2007 10:30:53 +0000 (10:30 +0000)

committer Teodor Sigaev <[email protected]>

Wed, 26 Sep 2007 10:30:53 +0000 (10:30 +0000)
author Teodor Sigaev <[email protected]>
Wed, 26 Sep 2007 10:30:53 +0000 (10:30 +0000)
committer Teodor Sigaev <[email protected]>
Wed, 26 Sep 2007 10:30:53 +0000 (10:30 +0000)
diff --git a/contrib/tsearch2/tsvector.c b/contrib/tsearch2/tsvector.c

index cdb70e986cf865e6881ea7f8e986812e66f2d49c..e0fc67f2b18507dc45e87b6f6eac3990e5b2efe0 100644 (file)
--- a/contrib/tsearch2/tsvector.c
+++ b/contrib/tsearch2/tsvector.c
@@ -581,7 +581,12 @@ compareWORD(const void *a, const void *b)
                                                                   ((TSWORD *) b)->len);
  
                 if (res == 0)
+               {
+                       if ( ((TSWORD *) a)->pos.pos == ((TSWORD *) b)->pos.pos )
+                               return 0;
+
                         return (((TSWORD *) a)->pos.pos > ((TSWORD *) b)->pos.pos) ? 1 : -1;
+               }
                 return res;
         }
         return (((TSWORD *) a)->len > ((TSWORD *) b)->len) ? 1 : -1;
@@ -631,7 +636,8 @@ uniqueWORD(TSWORD * a, int4 l)
                 else
                 {
                         pfree(ptr->word);
-                       if (res->pos.apos[0] < MAXNUMPOS - 1 && res->pos.apos[res->pos.apos[0]] != MAXENTRYPOS - 1)
+                       if (res->pos.apos[0] < MAXNUMPOS - 1 && res->pos.apos[res->pos.apos[0]] != MAXENTRYPOS - 1 &&
+                               res->pos.apos[res->pos.apos[0]] != LIMITPOS(ptr->pos.pos) )
                         {
                                 if (res->pos.apos[0] + 1 >= res->alen)
                                 {
author	Teodor Sigaev <[email protected]>
	Wed, 26 Sep 2007 10:30:53 +0000 (10:30 +0000)
committer	Teodor Sigaev <[email protected]>
	Wed, 26 Sep 2007 10:30:53 +0000 (10:30 +0000)