From 9234e333711ef9875a4cef31889e88439421c396 Mon Sep 17 00:00:00 2001 From: Jeff Davis Date: Mon, 8 Jun 2026 11:47:53 -0700 Subject: [PATCH] dict_synonym.c: remove incorrect outlen. Previously, outlen was miscalculated if case_sensitive was false and str_tolower() changed the byte length of the string. If outlen was too large, pnstrdup() would stop at the NUL terminator, preventing overrun. But if outlen was too small, it would cause truncation. Fix by just removing outlen. It was only used in a single site, which could just as well use pstrdup(). Discussion: https://postgre.es/m/1101e1a3afbbabb503317069c40374b82e6f4cac.camel@j-davis.com Reviewed-by: Tristan Partin Backpatch-through: 14 --- src/backend/tsearch/dict_synonym.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/src/backend/tsearch/dict_synonym.c b/src/backend/tsearch/dict_synonym.c index 3937f25bcc6..24345767658 100644 --- a/src/backend/tsearch/dict_synonym.c +++ b/src/backend/tsearch/dict_synonym.c @@ -24,7 +24,6 @@ typedef struct { char *in; char *out; - int outlen; uint16 flags; } Syn; @@ -189,7 +188,6 @@ dsynonym_init(PG_FUNCTION_ARGS) d->syn[cur].out = str_tolower(starto, strlen(starto), DEFAULT_COLLATION_OID); } - d->syn[cur].outlen = strlen(starto); d->syn[cur].flags = flags; cur++; @@ -237,7 +235,7 @@ dsynonym_lexize(PG_FUNCTION_ARGS) PG_RETURN_POINTER(NULL); res = palloc0_array(TSLexeme, 2); - res[0].lexeme = pnstrdup(found->out, found->outlen); + res[0].lexeme = pstrdup(found->out); res[0].flags = found->flags; PG_RETURN_POINTER(res);