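diff --git ext/fts3/fts3.c ext/fts3/fts3.c
index 20da051..71e22ae 100644
--- ext/fts3/fts3.c
+++ ext/fts3/fts3.c
@@ -291,6 +291,7 @@
 ** deletions and duplications. This would basically be a forced merge
 ** into a single segment.
 */
+#define CHROMIUM_FTS3_CHANGES 1
 
 #if !defined(SQLITE_CORE) || defined(SQLITE_ENABLE_FTS3)
 
@@ -1226,7 +1227,13 @@ static int fts3ScanInteriorNode(
     isFirstTerm = 0;
     zCsr += sqlite3Fts3GetVarint32(zCsr, &nSuffix);
 
-    if( nPrefix<0 || nSuffix<0 || &zCsr[nSuffix]>zEnd ){
+    /* NOTE(shess): Previous code checked for negative nPrefix and
+    ** nSuffix and suffix overrunning zEnd. Additionally corrupt if
+    ** the prefix is longer than the previous term, or if the suffix
+    ** causes overflow.
+    */
+    if( nPrefix<0 || nSuffix<0 || nPrefix>nBuffer
+        || &zCsr[nSuffix]<zCsr || &zCsr[nSuffix]>zEnd ){
       rc = SQLITE_CORRUPT;
       goto finish_scan;
     }
@@ -3646,7 +3660,11 @@ int sqlite3Fts3Init(sqlite3 *db){
   ** module with sqlite.
   */
   if( SQLITE_OK==rc
+#if CHROMIUM_FTS3_CHANGES && !SQLITE_TEST
+   /* fts3_tokenizer() disabled for security reasons. */
+#else
    && SQLITE_OK==(rc = sqlite3Fts3InitHashTable(db, pHash, "fts3_tokenizer"))
+#endif
    && SQLITE_OK==(rc = sqlite3_overload_function(db, "snippet", -1))
    && SQLITE_OK==(rc = sqlite3_overload_function(db, "offsets", 1))
    && SQLITE_OK==(rc = sqlite3_overload_function(db, "matchinfo", 1))
@@ -3656,11 +3674,15 @@ int sqlite3Fts3Init(sqlite3 *db){
     rc = sqlite3_create_module_v2(
         db, "fts3", &fts3Module, (void *)pHash, hashDestroy
     );
+#if CHROMIUM_FTS3_CHANGES && !SQLITE_TEST
+    /* Disable fts4 pending review. */
+#else
     if( rc==SQLITE_OK ){
       rc = sqlite3_create_module_v2(
           db, "fts4", &fts3Module, (void *)pHash, 0
       );
     }
+#endif
     return rc;
   }
 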
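Review bot: The new overflow guard `&zCsr[nSuffix]<zCsr` in the fts3ScanInteriorNode hunk relies on forming a pointer outside the node buffer, which is undefined behaviour in C, so a compiler is entitled to fold it to `nSuffix<0` (already tested) and drop it, leaving the check the NOTE comment promises absent from the binary; the pre-existing `&zCsr[nSuffix]>zEnd` has the same weakness. Compare lengths instead of pointers, e.g. `if( nPrefix<0 || nSuffix<0 || nPrefix>nBuffer || nSuffix>(zEnd-zCsr) ){`, which assumes zEnd marks the end of the node and is at or after zCsr inside the loop — it looks that way, but both are set outside the hunk. fts3ScanInteriorNode starts and ends outside the hunk. Because this loop parses data read back from the on-disk index, a corrupt node is precisely the case the guard exists for, and it should not depend on what the optimizer chooses to do with an out-of-bounds pointer.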
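diff --git ext/fts3/fts3_icu.c ext/fts3/fts3_icu.c
index 85390d3..a75b14a 100644
--- ext/fts3/fts3_icu.c
+++ ext/fts3/fts3_icu.c
@@ -198,7 +198,7 @@ static int icuNext(
 
   while( iStart<iEnd ){
     int iWhite = iStart;
-    U8_NEXT(pCsr->aChar, iWhite, pCsr->nChar, c);
+    U16_NEXT(pCsr->aChar, iWhite, pCsr->nChar, c);
     if( u_isspace(c) ){
       iStart = iWhite;
     }else{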
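Review bot: The U8_NEXT to U16_NEXT switch in icuNext carries no comment saying why the UTF-16 iterator is the correct one, and nothing in the hunk shows the element type of aChar, so the next reader cannot tell which macro matches the buffer without finding its declaration (it appears to be a UChar array elsewhere in the file — confirm). Add a line above the call such as `/* aChar holds UTF-16 code units (UChar), so advance with U16_NEXT, not the UTF-8 U8_NEXT */` so the mismatch is not reintroduced. icuNext starts and ends outside the hunk.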