Chromium Code Reviews

Unified Diff: third_party/sqlite/patches/0011-fts2-Disable-fts2_tokenizer-for-security-reasons.patch

Issue 949043002: Add //third_party/sqlite to dirs_to_snapshot, remove net_sql.patch (Closed) Base URL: git@github.com:domokit/mojo.git@master
Patch Set: Created 5 years, 10 months ago
Index: third_party/sqlite/patches/0011-fts2-Disable-fts2_tokenizer-for-security-reasons.patch
diff --git a/third_party/sqlite/patches/0011-fts2-Disable-fts2_tokenizer-for-security-reasons.patch b/third_party/sqlite/patches/0011-fts2-Disable-fts2_tokenizer-for-security-reasons.patch
new file mode 100644
index 0000000000000000000000000000000000000000..b30be1259278afdb6311586af0c5926380c0a555
--- /dev/null
+++ b/third_party/sqlite/patches/0011-fts2-Disable-fts2_tokenizer-for-security-reasons.patch
@@ -0,0 +1,53 @@
+From 971ef3e0fc917c25d7c0037de0c7a6df80068368 Mon Sep 17 00:00:00 2001
+From: Scott Hess <shess@chromium.org>
+Date: Mon, 22 Dec 2014 14:06:33 -0800
+Subject: [PATCH 11/16] [fts2] Disable fts2_tokenizer for security reasons.
+
+This was a leftover bit from merging the Gears SQLite into Chromium's version.
+
+Original commit URL, which also shifted directory structure:
+ http://src.chromium.org/viewvc/chrome?revision=7623&view=revision
+---
+ third_party/sqlite/src/ext/fts2/fts2.c | 18 ++++++++++++++++++
+ 1 file changed, 18 insertions(+)
+
+diff --git a/third_party/sqlite/src/ext/fts2/fts2.c b/third_party/sqlite/src/ext/fts2/fts2.c
+index dd75b4a..944f324 100644
+--- a/third_party/sqlite/src/ext/fts2/fts2.c
++++ b/third_party/sqlite/src/ext/fts2/fts2.c
+@@ -37,6 +37,20 @@
+ ** This is an SQLite module implementing full-text search.
+ */
+
++/* TODO(shess): To make it easier to spot changes without groveling
++** through changelogs, I've defined GEARS_FTS2_CHANGES to call them
++** out, and I will document them here. On imports, these changes
++** should be reviewed to make sure they are still present, or are
++** dropped as appropriate.
++**
++** SQLite core adds the custom function fts2_tokenizer() to be used
++** for defining new tokenizers. The second parameter is a vtable
++** pointer encoded as a blob. Obviously this cannot be exposed to
++** Gears callers for security reasons. It could be suppressed in the
++** authorizer, but for now I have simply commented the definition out.
++*/
++#define GEARS_FTS2_CHANGES 1
++
+ /*
+ ** The code in this file is only compiled if:
+ **
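Review bot: The new header comment in fts2.c says the definition was "simply commented ... out", but the change in sqlite3Fts2Init() compiles it out with `#if GEARS_FTS2_CHANGES && !SQLITE_TEST`; the comment should describe that guard and say that SQLITE_TEST builds still register fts2_tokenizer(). The text is also still a TODO addressed to "Gears callers", while the commit message calls this a leftover from the Gears merge, so it would help to reword it for Chromium and state the risk directly: the second parameter is a vtable pointer taken from a blob supplied by whoever can run SQL. GEARS_FTS2_CHANGES is defined unconditionally to 1, so a short note on when it may be set to 0 (if ever) would keep a later import from dropping the protection by accident.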
+@@ -6822,7 +6836,11 @@ int sqlite3Fts2Init(sqlite3 *db){
+ ** module with sqlite.
+ */
+ if( SQLITE_OK==rc
++#if GEARS_FTS2_CHANGES && !SQLITE_TEST
++ /* fts2_tokenizer() disabled for security reasons. */
++#else
+ && SQLITE_OK==(rc = sqlite3Fts2InitHashTable(db, pHash, "fts2_tokenizer"))
++#endif
+ && SQLITE_OK==(rc = sqlite3_overload_function(db, "snippet", -1))
+ && SQLITE_OK==(rc = sqlite3_overload_function(db, "offsets", -1))
+ && SQLITE_OK==(rc = sqlite3_overload_function(db, "optimize", -1))
+--
+2.2.1
+
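Review bot: The guard `#if GEARS_FTS2_CHANGES && !SQLITE_TEST` in sqlite3Fts2Init() keeps fts2_tokenizer() registered in every SQLITE_TEST build, so the test configuration never exercises the production behaviour; please add a check, run against a non-test build, that calling fts2_tokenizer() fails as an unknown function. `!SQLITE_TEST` also depends on how the macro is defined (it does not preprocess if SQLITE_TEST is defined with no value), so `!defined(SQLITE_TEST)` would be more robust. Splitting the `&&` chain with preprocessor directives is easy to mis-merge on the next SQLite import; the header comment already mentions the authorizer as an alternative, and it is worth recording here why the compile-time route was chosen.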
