From 6ee479abfc27a18c37fe77140d16d3ac31f4ac31 Mon Sep 17 00:00:00 2001 From: Tom Lane Date: Sun, 21 Feb 2021 19:46:46 -0500 Subject: [PATCH] Fix invalid array access in trgm_regexp.c. Brown-paper-bag bug in 08c0d6ad6: I missed one place that needed to guard against RAINBOW arc colors. Remarkably, nothing noticed the invalid array access except buildfarm member thorntail. Thanks to Noah Misch for assistance with tracking this down. --- contrib/pg_trgm/trgm_regexp.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/contrib/pg_trgm/trgm_regexp.c b/contrib/pg_trgm/trgm_regexp.c index fcf03de32dc..bf1dea6352e 100644 --- a/contrib/pg_trgm/trgm_regexp.c +++ b/contrib/pg_trgm/trgm_regexp.c @@ -1220,7 +1220,7 @@ addArcs(TrgmNFA *trgmNFA, TrgmState *state) for (i = 0; i < arcsCount; i++) { regex_arc_t *arc = &arcs[i]; - TrgmColorInfo *colorInfo = &trgmNFA->colorInfo[arc->co]; + TrgmColorInfo *colorInfo; /* * Ignore non-expandable colors; addKey already handled the case. @@ -1228,8 +1228,14 @@ addArcs(TrgmNFA *trgmNFA, TrgmState *state) * We need no special check for WHITE or begin/end pseudocolors * here. We don't need to do any processing for them, and they * will be marked non-expandable since the regex engine will have - * reported them that way. + * reported them that way. We do have to watch out for RAINBOW, + * which has a negative color number. */ + if (arc->co < 0) + continue; + Assert(arc->co < trgmNFA->ncolors); + + colorInfo = &trgmNFA->colorInfo[arc->co]; if (!colorInfo->expandable) continue;