From 4c5f8ebaf38faa9be7bdacc4fe53e91dc9750a88 Mon Sep 17 00:00:00 2001
From: wbq_sky
Date: Wed, 31 Aug 2022 10:56:50 +0800
Subject: [PATCH] Fix CVE-2021-20223
From d1d43efa4fb0f2098c0e2c5bf2e807c58d5ec05b Mon Sep 17 00:00:00 2001
From: dan
Date: Mon, 26 Oct 2020 13:24:36 +0000
Subject: [PATCH] Prevent fts5 tokenizer unicode61 from considering '\0' to be a token characters, even if other characters of class "Cc" are.
FossilOrigin-Name: b7b7bde9b7a03665e3691c6d51118965f216d2dfb1617f138b9f9e60e418ed2f
---
 ext/fts5/fts5_unicode2.c | 1 +
 ext/fts5/test/fts5tok1.test | 35 +++++++++++++++++++++++++++++++++++
 2 files changed, 36 insertions(+)
diff --git a/ext/fts5/fts5_unicode2.c b/ext/fts5/fts5_unicode2.c
index 161e8d8..843133e 100644
--- a/ext/fts5/fts5_unicode2.c
+++ b/ext/fts5/fts5_unicode2.c
@@ -773,4 +773,5 @@ void sqlite3Fts5UnicodeAscii(u8 *aArray, u8 *aAscii){
 }
 iTbl++;
 }
+ aAscii[0] = 0; /* 0x00 is never a token character */
 }
diff --git a/ext/fts5/test/fts5tok1.test b/ext/fts5/test/fts5tok1.test
index a336f11..c605ce3 100644
--- a/ext/fts5/test/fts5tok1.test
+++ b/ext/fts5/test/fts5tok1.test
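Review bot: In sqlite3Fts5UnicodeAscii() (ext/fts5/fts5_unicode2.c), the added `aAscii[0] = 0;` keeps 0x00 out of the token set only as long as nothing writes slot 0 of the same table after this function returns. The callers and the start of the function body are outside the hunk, so it is worth confirming that no later tokenizer-setup step (an option that adds extra token characters, for instance) can switch the entry back on. The comment could also carry the reason given in the commit subject, e.g. `/* 0x00 is never a token character, even when category "Cc" is selected */`.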
@@ -111,5 +111,40 @@ do_catchsql_test 2.1 {
 SELECT * FROM t4;
 } {1 {SQL logic error}}
+#-------------------------------------------------------------------------
+# Embedded 0x00 characters.
+#
+reset_db
+do_execsql_test 3.1.0 {
+ CREATE VIRTUAL TABLE t1 USING fts5(z);
+ CREATE VIRTUAL TABLE tt USING fts5vocab(t1, 'instance');
+ INSERT INTO t1 VALUES('abc' || char(0) || 'def');
+ SELECT * FROM tt;
+} { abc 1 z 0 def 1 z 1 }
+do_execsql_test 3.1.1 {
+ SELECT hex(z) FROM t1;
+} {61626300646566}
+do_execsql_test 3.1.2 {
+ INSERT INTO t1(t1) VALUES('integrity-check');
+} {}
+
+do_execsql_test 3.2.0 {
+ CREATE VIRTUAL TABLE t2 USING fts5(z,
+ tokenize="unicode61 categories 'L* N* Co Cc'"
+ );
+ CREATE VIRTUAL TABLE tu USING fts5vocab(t2, 'instance');
+
+ INSERT INTO t2 VALUES('abc' || char(0) || 'def');
+ SELECT * FROM tu;
+} { abc 1 z 0 def 1 z 1 }
+
+do_execsql_test 3.2.1 {
+ SELECT hex(z) FROM t1;
+} {61626300646566}
+
+do_execsql_test 3.2.2 {
+ INSERT INTO t1(t1) VALUES('integrity-check');
+} {}
+
 finish_test
--
2.25.1
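Review bot: Tests 3.2.1 and 3.2.2 read and integrity-check `t1`, not `t2`, so the table created with `unicode61 categories 'L* N* Co Cc'` (the configuration the fix is aimed at) never has its stored value or its index structure verified. They look like copies of 3.1.1 and 3.1.2; changing them to `SELECT hex(z) FROM t2;` and `INSERT INTO t2(t2) VALUES('integrity-check');` would cover the "Cc" case. The expected hex `61626300646566` stays the same, since both tables receive the same row.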