From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Scott Hess <shess@chromium.org>
Date: Tue, 16 Dec 2014 13:02:27 -0800
Subject: [PATCH 5/6] [fts3] Disable fts3_tokenizer and fts4.

fts3_tokenizer allows a SQLite user to specify a pointer to call as a
function, which has obvious sercurity implications.  Disable fts4 until
someone explicitly decides to own support for it.  Disable fts3tokenize
virtual table until someone explicitly decides to own support for it.

No original review URL because this was part of the initial Chromium commit.
---
 third_party/sqlite/src/ext/fts3/fts3.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/third_party/sqlite/src/ext/fts3/fts3.c b/third_party/sqlite/src/ext/fts3/fts3.c
index 44d9e20cc667..ef69a7b18681 100644
--- a/third_party/sqlite/src/ext/fts3/fts3.c
+++ b/third_party/sqlite/src/ext/fts3/fts3.c
@@ -287,6 +287,7 @@
 ** query logic likewise merges doclists so that newer data knocks out
 ** older data.
 */
+#define CHROMIUM_FTS3_CHANGES 1

 #include "fts3Int.h"
 #if !defined(SQLITE_CORE) || defined(SQLITE_ENABLE_FTS3)
@@ -3988,7 +3989,11 @@ int sqlite3Fts3Init(sqlite3 *db){
   ** module with sqlite.
   */
   if( SQLITE_OK==rc
+#if CHROMIUM_FTS3_CHANGES && !SQLITE_TEST
+      /* fts3_tokenizer() disabled for security reasons. */
+#else
    && SQLITE_OK==(rc = sqlite3Fts3InitHashTable(db, pHash, "fts3_tokenizer"))
+#endif
    && SQLITE_OK==(rc = sqlite3_overload_function(db, "snippet", -1))
    && SQLITE_OK==(rc = sqlite3_overload_function(db, "offsets", 1))
    && SQLITE_OK==(rc = sqlite3_overload_function(db, "matchinfo", 1))
@@ -3998,6 +4003,9 @@ int sqlite3Fts3Init(sqlite3 *db){
     rc = sqlite3_create_module_v2(
         db, "fts3", &fts3Module, (void *)pHash, hashDestroy
     );
+#if CHROMIUM_FTS3_CHANGES && !SQLITE_TEST
+    /* Disable fts4 and tokenizer vtab pending review. */
+#else
     if( rc==SQLITE_OK ){
       rc = sqlite3_create_module_v2(
           db, "fts4", &fts3Module, (void *)pHash, 0
@@ -4006,6 +4014,7 @@ int sqlite3Fts3Init(sqlite3 *db){
     if( rc==SQLITE_OK ){
       rc = sqlite3Fts3InitTok(db, (void *)pHash);
     }
+#endif
     return rc;
   }

--
2.18.0