From: Michael Paquier Date: Mon, 4 Sep 2023 05:55:58 +0000 (+0900) Subject: Fix out-of-bound read in gtsvector_picksplit() X-Git-Tag: REL_11_22~75 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=358cd2b25109f50f2d3a9a29ed90fed9dc362df3;p=thirdparty%2Fpostgresql.git Fix out-of-bound read in gtsvector_picksplit() This could lead to an imprecise choice when splitting an index page of a GiST index on a tsvector, deciding which entries should remain on the old page and which entries should move to a new page. This is wrong since tsearch2 has been moved into core with commit 140d4ebcb46e, so backpatch all the way down. This error has been spotted by valgrind. Author: Alexander Lakhin Discussion: https://postgr.es/m/17950-6c80a8d2b94ec695@postgresql.org Backpatch-through: 11 --- diff --git a/src/backend/utils/adt/tsgistidx.c b/src/backend/utils/adt/tsgistidx.c index 2d9ecc4bfdc..a78de088927 100644 --- a/src/backend/utils/adt/tsgistidx.c +++ b/src/backend/utils/adt/tsgistidx.c @@ -751,7 +751,7 @@ gtsvector_picksplit(PG_FUNCTION_ARGS) size_alpha = 0; else size_alpha = SIGLENBIT - sizebitvec( - (cache[j].allistrue) ? GETSIGN(datum_l) : GETSIGN(cache[j].sign) + (cache[j].allistrue) ? GETSIGN(datum_l) : cache[j].sign ); } else @@ -763,7 +763,7 @@ gtsvector_picksplit(PG_FUNCTION_ARGS) size_beta = 0; else size_beta = SIGLENBIT - sizebitvec( - (cache[j].allistrue) ? GETSIGN(datum_r) : GETSIGN(cache[j].sign) + (cache[j].allistrue) ? GETSIGN(datum_r) : cache[j].sign ); } else
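Review bot: the size_alpha call in the first hunk (@@ -751,7 +751,7 @@) is left with a ternary whose two arms look inconsistent, GETSIGN(datum_l) on one side and bare cache[j].sign on the other, and nothing in the code says why. As the fix implies, cache[j].sign already holds the signature bits, while GETSIGN() is only for extracting them from a full key such as datum_l. A one-line comment saying so above the sizebitvec() call would keep a later cleanup from "restoring symmetry" and reintroducing the out-of-bound read that valgrind reported.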
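Review bot: the size_beta call in the second hunk (@@ -763,7 +763,7 @@) repeats the same allistrue ternary with only datum_r swapped in, so the same mistake had to be corrected twice. Consider a small static helper that takes the cache entry and the datum and returns the bit vector to hand to sizebitvec(), so both call sites share one expression. It is also worth checking the rest of tsgistidx.c for any other GETSIGN(cache[...].sign) use, since this diff touches only these two lines.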