From d39b5b69687a108ec953ecd6a150a77333742c3c Mon Sep 17 00:00:00 2001
From: Marek Kasik <mkasik@redhat.com>
Date: Mon, 21 Jan 2019 14:01:29 +0100
Subject: [PATCH] Do not try to construct invalid rich media annotation assets

Resolves: #1665260
---
 poppler-0.67.0-rich-media-annotation.patch | 51 ++++++++++++++++++++++
 poppler.spec                               |  9 +++-
 2 files changed, 59 insertions(+), 1 deletion(-)
 create mode 100644 poppler-0.67.0-rich-media-annotation.patch

diff --git a/poppler-0.67.0-rich-media-annotation.patch b/poppler-0.67.0-rich-media-annotation.patch
new file mode 100644
index 0000000..3730e3e
--- /dev/null
+++ b/poppler-0.67.0-rich-media-annotation.patch
@@ -0,0 +1,51 @@
+From 7f87dc10b6adccd6d1b977a28b064add254aa2da Mon Sep 17 00:00:00 2001
+From: Adam Reichold <adam.reichold@t-online.de>
+Date: Thu, 27 Dec 2018 11:54:53 +0100
+Subject: [PATCH] Do not try to construct invalid rich media annotation assets.
+ Closes #703
+
+---
+ poppler/Annot.cc | 24 +++++++++++++-----------
+ 1 file changed, 13 insertions(+), 11 deletions(-)
+
+diff --git a/poppler/Annot.cc b/poppler/Annot.cc
+index 2e4770ab..1750dc70 100644
+--- a/poppler/Annot.cc
++++ b/poppler/Annot.cc
+@@ -6418,20 +6418,22 @@ AnnotRichMedia::Content::Content(Dict *dict) {
+   if (obj1.isDict()) {
+     Object obj2 = obj1.getDict()->lookup("Names");
+     if (obj2.isArray()) {
+-      nAssets = obj2.arrayGetLength() / 2;
++      const int length = obj2.arrayGetLength() / 2;
+ 
+-      assets = (Asset **)gmallocn(nAssets, sizeof(Asset *));
++      assets = (Asset **)gmallocn(length, sizeof(Asset *));
++      for (int i = 0; i < length; ++i) {
++	Object objKey = obj2.arrayGet(2 * i);
++	Object objVal = obj2.arrayGet(2 * i + 1);
+ 
+-      int counter = 0;
+-      for (int i = 0; i < nAssets; ++i) {
+-        assets[counter] = new AnnotRichMedia::Asset;
+-
+-        Object objKey = obj2.arrayGet(i * 2);
+-        assets[counter]->fileSpec = obj2.arrayGet(i * 2 + 1);
+-
+-        assets[counter]->name = new GooString( objKey.getString() );
+-        ++counter;
++	if (!objKey.isString() || objVal.isNull()) {
++	  error(errSyntaxError, -1, "Bad Annot Asset");
++	  continue;
++	}
+ 
++	assets[nAssets] = new AnnotRichMedia::Asset;
++	assets[nAssets]->name = new GooString( objKey.getString() );
++	assets[nAssets]->fileSpec = std::move(objVal);
++	++nAssets;
+       }
+     }
+   }
+-- 
+2.20.1
+
diff --git a/poppler.spec b/poppler.spec
index 314b2a8..deb3ad8 100644
--- a/poppler.spec
+++ b/poppler.spec
@@ -4,7 +4,7 @@
 Summary: PDF rendering library
 Name:    poppler
 Version: 0.67.0
-Release: 6%{?dist}
+Release: 7%{?dist}
 License: (GPLv2 or GPLv3) and GPLv2+ and LGPLv2+ and MIT
 URL:     http://poppler.freedesktop.org/
 Source0: http://poppler.freedesktop.org/poppler-%{version}.tar.xz
@@ -37,6 +37,9 @@ Patch11:  poppler-0.67.0-valid-embedded-file.patch
 # https://bugzilla.redhat.com/show_bug.cgi?id=1649450
 Patch12:  poppler-0.67.0-valid-embedded-file-name.patch
 
+# https://bugzilla.redhat.com/show_bug.cgi?id=1665259
+Patch13:  poppler-0.67.0-rich-media-annotation.patch
+
 BuildRequires: cmake
 BuildRequires: gcc-c++
 BuildRequires: gettext-devel
@@ -267,6 +270,10 @@ test "$(pkg-config --modversion poppler-splash)" = "%{version}"
 %{_mandir}/man1/*
 
 %changelog
+* Mon Jan 21 2019 Marek Kasik <mkasik@redhat.com> - 0.67.0-7
+- Do not try to construct invalid rich media annotation assets
+- Resolves: #1665260
+
 * Thu Nov 15 2018 Marek Kasik <mkasik@redhat.com> - 0.67.0-6
 - Check for valid file name of embedded file
 - Resolves: #1649451