fix hlfinditem function. Thanks to "Stphane Bidoul" <stephane.bidoul@softwareag.com>.

The 'word' variable there is initialised from
the prs->words array, but immediately after,
that array may be reallocated, thus leaving
word pointing to unallocated memory.

contrib/tsearch2/expected/tsearch2.out

@@ -2056,11 +2056,11 @@ An hour of storm to place
 The sculpture of these granite seams,
 Upon a woman s face. E.  J.  Pratt  (1882 1964)
 ', to_tsquery('granite&sea'));
-                                           headline                                           
-----------------------------------------------------------------------------------------------
- <b>sea</b> an hour one night
-An hour of storm to place
-The sculpture of these <b>granite</b>
+                                             headline                                             
+--------------------------------------------------------------------------------------------------
+ <b>sea</b> a thousand years,
+A thousand years to trace
+The <b>granite</b> features of this cliff
 (1 row)
 
  

contrib/tsearch2/ts_cfg.c

@@ -360,7 +360,7 @@ hlfinditem(HLPRSTEXT * prs, QUERYTYPE * query, char *buf, int buflen)
 {
 	int			i;
 	ITEM	   *item = GETQUERY(query);
-	HLWORD	   *word = &(prs->words[prs->curwords - 1]);
+	HLWORD	   *word;
 
 	while (prs->curwords + query->size >= prs->lenwords)
 	{
@@ -368,6 +368,7 @@ hlfinditem(HLPRSTEXT * prs, QUERYTYPE * query, char *buf, int buflen)
 		prs->words = (HLWORD *) repalloc((void *) prs->words, prs->lenwords * sizeof(HLWORD));
 	}
 
+	word = &(prs->words[prs->curwords - 1]);
 	for (i = 0; i < query->size; i++)
 	{
 		if (item->type == VAL && item->length == buflen && strncmp(GETOPERAND(query) + item->distance, buf, buflen) == 0)