From b32df590cce605389415c9b42b87f02bc0d623b8 Mon Sep 17 00:00:00 2001
From: Jeff Davis
Date: Mon, 8 Jun 2026 11:47:40 -0700
Subject: [PATCH] dict_synonym.c: remove incorrect outlen.
Previously, outlen was miscalculated if case_sensitive was false and str_tolower() changed the byte length of the string. If outlen was too large, pnstrdup() would stop at the NUL terminator, preventing overrun. But if outlen was too small, it would cause truncation. Fix by just removing outlen. It was only used in a single site, which could just as well use pstrdup().
Discussion: https://postgre.es/m/1101e1a3afbbabb503317069c40374b82e6f4cac.camel@j-davis.com
Reviewed-by: Tristan Partin
Backpatch-through: 14
---
 src/backend/tsearch/dict_synonym.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/src/backend/tsearch/dict_synonym.c b/src/backend/tsearch/dict_synonym.c
index fe7ca30ce97..b1a3d955f55 100644
--- a/src/backend/tsearch/dict_synonym.c
+++ b/src/backend/tsearch/dict_synonym.c
@@ -22,7 +22,6 @@
 typedef struct {
 char *in;
 char *out;
- int outlen;
 uint16 flags;
 } Syn;
@@ -187,7 +186,6 @@ dsynonym_init(PG_FUNCTION_ARGS)
 d->syn[cur].out = lowerstr(starto);
 }
- d->syn[cur].outlen = strlen(starto);
 d->syn[cur].flags = flags;
 cur++;
@@ -234,7 +232,7 @@ dsynonym_lexize(PG_FUNCTION_ARGS)
 PG_RETURN_POINTER(NULL);
 res = palloc0(sizeof(TSLexeme) * 2);
- res[0].lexeme = pnstrdup(found->out, found->outlen);
+ res[0].lexeme = pstrdup(found->out);
 res[0].flags = found->flags;
 PG_RETURN_POINTER(res);
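Review bot: The `pstrdup(found->out)` line in dsynonym_lexize now depends on `out` always being NUL-terminated, and neither the call site nor the Syn struct says so. The one visible assignment in dsynonym_init, `lowerstr(starto)`, presumably returns a terminated string, but the other branch that sets `out` lies outside the hunks and should be checked for the same property. I would record the invariant on the field, e.g. `char *out; /* NUL-terminated; no length stored because case folding can change the byte length */`. The diffstat shows only this file changed, so a regression test using a case-insensitive synonym whose lowercased form differs in byte length would keep the truncation from coming back. Both function bodies begin and end outside the hunks.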