From bc16ca2746648df49f9f35ee3818aa3c5e84b095 Mon Sep 17 00:00:00 2001
From: Teodor Sigaev <teodor@sigaev.ru>
Date: Wed, 26 Sep 2007 10:30:53 +0000
Subject: [PATCH] Fix crash of to_tsvector() function on huge input:
 compareWORD() function didn't return correct result for word position greate
 than limit.

Per report from Stuart Bishop <stuart@stuartbishop.net>
---
 contrib/tsearch2/tsvector.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/contrib/tsearch2/tsvector.c b/contrib/tsearch2/tsvector.c
index cdb70e986cf..e0fc67f2b18 100644
--- a/contrib/tsearch2/tsvector.c
+++ b/contrib/tsearch2/tsvector.c
@@ -581,7 +581,12 @@ compareWORD(const void *a, const void *b)
 								  ((TSWORD *) b)->len);
 
 		if (res == 0)
+		{
+			if ( ((TSWORD *) a)->pos.pos == ((TSWORD *) b)->pos.pos )
+				return 0;
+
 			return (((TSWORD *) a)->pos.pos > ((TSWORD *) b)->pos.pos) ? 1 : -1;
+		}
 		return res;
 	}
 	return (((TSWORD *) a)->len > ((TSWORD *) b)->len) ? 1 : -1;
@@ -631,7 +636,8 @@ uniqueWORD(TSWORD * a, int4 l)
 		else
 		{
 			pfree(ptr->word);
-			if (res->pos.apos[0] < MAXNUMPOS - 1 && res->pos.apos[res->pos.apos[0]] != MAXENTRYPOS - 1)
+			if (res->pos.apos[0] < MAXNUMPOS - 1 && res->pos.apos[res->pos.apos[0]] != MAXENTRYPOS - 1 &&
+				res->pos.apos[res->pos.apos[0]] != LIMITPOS(ptr->pos.pos) )
 			{
 				if (res->pos.apos[0] + 1 >= res->alen)
 				{