From 18bcdb75d155e68a9cb34b5b76d0bccd0a234110 Mon Sep 17 00:00:00 2001 From: Heikki Linnakangas Date: Fri, 20 Feb 2026 11:56:42 +0200 Subject: [PATCH] Fix expanding 'bounds' in pg_trgm's calc_word_similarity() function If the 'bounds' array needs to be expanded, because the input contains more trigrams than the initial guess, the code didn't return the reallocated array correctly to the caller. That could lead to a crash in the rare case that the input string becomes longer when it's lower-cased. The only known instance of that is when an ICU locale is used with certain single-byte encodings. This was an oversight in commit 00896ddaf41f. Author: Zsolt Parragi Backpatch-through: 18 --- contrib/pg_trgm/trgm_op.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/contrib/pg_trgm/trgm_op.c b/contrib/pg_trgm/trgm_op.c index 5fba594b61f..ee89e548d16 100644 --- a/contrib/pg_trgm/trgm_op.c +++ b/contrib/pg_trgm/trgm_op.c @@ -533,7 +533,7 @@ generate_trgm_only(growable_trgm_array *dst, char *str, int slen, TrgmBound **bo { if (bounds_allocated < dst->length) { - bounds = repalloc0_array(bounds, TrgmBound, bounds_allocated, dst->allocated); + bounds = *bounds_p = repalloc0_array(bounds, TrgmBound, bounds_allocated, dst->allocated); bounds_allocated = dst->allocated; }