From 3e693179444b08f481d63658e0b8c8b6197c68d6 Mon Sep 17 00:00:00 2001
From: Rex Dieter <rdieter@fedoraproject.org>
Date: Sun, 25 Oct 2009 22:09:40 +0000
Subject: [PATCH] - CVE-2009-3607 (#530890)

---
 poppler-0.12.1-CVE-2009-3607.patch | 54 ++++++++++++++++++++++++++++++
 poppler.spec                       | 11 +++++-
 2 files changed, 64 insertions(+), 1 deletion(-)
 create mode 100644 poppler-0.12.1-CVE-2009-3607.patch

diff --git a/poppler-0.12.1-CVE-2009-3607.patch b/poppler-0.12.1-CVE-2009-3607.patch
new file mode 100644
index 0000000..a3af9a6
--- /dev/null
+++ b/poppler-0.12.1-CVE-2009-3607.patch
@@ -0,0 +1,54 @@
+http://cgit.freedesktop.org/poppler/poppler/commit/?id=c839b70609
+
+CVE-2009-3607
+
+diff -pruN poppler-0.12.1.orig/glib/poppler-page.cc poppler-0.12.1/glib/poppler-page.cc
+--- poppler-0.12.1.orig/glib/poppler-page.cc	2009-09-09 23:22:31.000000000 +0200
++++ poppler-0.12.1/glib/poppler-page.cc	2009-10-25 18:54:30.000000000 +0100
+@@ -609,28 +609,28 @@ create_surface_from_thumbnail_data (guch
+ 				    gint    rowstride)
+ {
+   guchar *cairo_pixels;
++  gint cairo_stride;
+   cairo_surface_t *surface;
+-  static cairo_user_data_key_t key;
+   int j;
+ 
+-  cairo_pixels = (guchar *)g_malloc (4 * width * height);
+-  surface = cairo_image_surface_create_for_data ((unsigned char *)cairo_pixels,
+-						 CAIRO_FORMAT_RGB24,
+-						 width, height, 4 * width);
+-  cairo_surface_set_user_data (surface, &key,
+-			       cairo_pixels, (cairo_destroy_func_t)g_free);
++  surface = cairo_image_surface_create (CAIRO_FORMAT_RGB24, width, height);
++  if (cairo_surface_status (surface))
++    return NULL;
++
++  cairo_pixels = cairo_image_surface_get_data (surface);
++  cairo_stride = cairo_image_surface_get_stride (surface);
+ 
+   for (j = height; j; j--) {
+     guchar *p = data;
+     guchar *q = cairo_pixels;
+     guchar *end = p + 3 * width;
+-	  
++
+     while (p < end) {
+ #if G_BYTE_ORDER == G_LITTLE_ENDIAN
+       q[0] = p[2];
+       q[1] = p[1];
+       q[2] = p[0];
+-#else	  
++#else
+       q[1] = p[0];
+       q[2] = p[1];
+       q[3] = p[2];
+@@ -640,7 +640,7 @@ create_surface_from_thumbnail_data (guch
+     }
+ 
+     data += rowstride;
+-    cairo_pixels += 4 * width;
++    cairo_pixels += cairo_stride;
+   }
+ 
+   return surface;
diff --git a/poppler.spec b/poppler.spec
index 6b2c798..268a8bd 100644
--- a/poppler.spec
+++ b/poppler.spec
@@ -2,7 +2,7 @@
 Summary: PDF rendering library
 Name: poppler
 Version: 0.12.1
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: GPLv2
 Group: Development/Libraries
 URL:     http://poppler.freedesktop.org/
@@ -10,9 +10,14 @@ Source0: http://poppler.freedesktop.org/poppler-%{version}.tar.gz
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
 ## upstreamable patches
+
+## upstream patches
 # for texlive/pdftex, make ObjStream class public
 Patch100: poppler-0.12.1-objstream.patch
 
+# CVE-2009-3607 / c839b70609
+Patch162: poppler-0.12.1-CVE-2009-3607.patch
+
 BuildRequires: automake libtool
 BuildRequires: cairo-devel >= 1.8.4
 BuildRequires: gtk2-devel
@@ -116,6 +121,7 @@ converting PDF files to a number of other formats.
 %setup -q 
 
 %patch100 -p1 -b .objstream
+%patch162 -p1 -b .CVE-2009-3607
 
 # hammer to nuke rpaths, recheck on new releases
 autoreconf -i -f
@@ -214,6 +220,9 @@ rm -rf $RPM_BUILD_ROOT
 
 
 %changelog
+* Sun Oct 25 2009 Rex Dieter <rdieter@fedoraproject.org> - 0.12.1-2
+- CVE-2009-3607 (#530890)
+
 * Mon Oct 19 2009 Rex Dieter <rdieter@fedoraproject.org> - 0.12.1-1
 - poppler-0.12.1
 - deprecate xpdf/pdftohtml Conflicts/Obsoletes