• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1diff --git ext/fts3/fts3.c ext/fts3/fts3.c
2index 20da051..71e22ae 100644
3--- ext/fts3/fts3.c
4+++ ext/fts3/fts3.c
5@@ -291,6 +291,7 @@
6 ** deletions and duplications.  This would basically be a forced merge
7 ** into a single segment.
8 */
9+#define CHROMIUM_FTS3_CHANGES 1
10
11 #if !defined(SQLITE_CORE) || defined(SQLITE_ENABLE_FTS3)
12
13@@ -1226,7 +1227,13 @@ static int fts3ScanInteriorNode(
14     isFirstTerm = 0;
15     zCsr += sqlite3Fts3GetVarint32(zCsr, &nSuffix);
16
17-    if( nPrefix<0 || nSuffix<0 || &zCsr[nSuffix]>zEnd ){
18+    /* NOTE(shess): Previous code checked for negative nPrefix and
19+    ** nSuffix and suffix overrunning zEnd.  Additionally corrupt if
20+    ** the prefix is longer than the previous term, or if the suffix
21+    ** causes overflow.
22+    */
23+    if( nPrefix<0 || nSuffix<0 || nPrefix>nBuffer
24+     || &zCsr[nSuffix]<zCsr || &zCsr[nSuffix]>zEnd ){
25       rc = SQLITE_CORRUPT;
26       goto finish_scan;
27     }
28@@ -3646,7 +3660,11 @@ int sqlite3Fts3Init(sqlite3 *db){
29   ** module with sqlite.
30   */
31   if( SQLITE_OK==rc
32+#if CHROMIUM_FTS3_CHANGES && !SQLITE_TEST
33+      /* fts3_tokenizer() disabled for security reasons. */
34+#else
35    && SQLITE_OK==(rc = sqlite3Fts3InitHashTable(db, pHash, "fts3_tokenizer"))
36+#endif
37    && SQLITE_OK==(rc = sqlite3_overload_function(db, "snippet", -1))
38    && SQLITE_OK==(rc = sqlite3_overload_function(db, "offsets", 1))
39    && SQLITE_OK==(rc = sqlite3_overload_function(db, "matchinfo", 1))
40@@ -3656,11 +3674,15 @@ int sqlite3Fts3Init(sqlite3 *db){
41     rc = sqlite3_create_module_v2(
42         db, "fts3", &fts3Module, (void *)pHash, hashDestroy
43     );
44+#if CHROMIUM_FTS3_CHANGES && !SQLITE_TEST
45+    /* Disable fts4 pending review. */
46+#else
47     if( rc==SQLITE_OK ){
48       rc = sqlite3_create_module_v2(
49           db, "fts4", &fts3Module, (void *)pHash, 0
50       );
51     }
52+#endif
53     return rc;
54   }
55
56diff --git ext/fts3/fts3_icu.c ext/fts3/fts3_icu.c
57index 85390d3..a75b14a 100644
58--- ext/fts3/fts3_icu.c
59+++ ext/fts3/fts3_icu.c
60@@ -198,7 +198,7 @@ static int icuNext(
61
62     while( iStart<iEnd ){
63       int iWhite = iStart;
64-      U8_NEXT(pCsr->aChar, iWhite, pCsr->nChar, c);
65+      U16_NEXT(pCsr->aChar, iWhite, pCsr->nChar, c);
66       if( u_isspace(c) ){
67         iStart = iWhite;
68       }else{
69