A customer reported a mysterious crash, with the backtrace showing it to
come from several levels down deep in the infix() function, called by
tsqueryout(). I was eventually able to reproduce this and hunt down the
bug, using the same tsquery string as the customer.
The bug was actually in to_tsquery(), and resulted in a corrupt
"operand" string being stored in a tsquery Datum. In a nutshell, in
to_tsquery_byid(), we're using memcpy() to copy to a possibly
overlapping region of data. The obvious fix is to use memmove() instead,
attached.
This is pretty hairy code, it's hard to resist doing some more whacking
around. For example the infix() function would be a lot simpler if it
used a StringInfo instead of implementing a resizeable string of its
own. But I'll leave that alone for now, given that the bug was in fact
not in that function.
--
Heikki Linnakangas
EnterpriseDB http://www.enterprisedb.com