From 55efd3555dadf01a9ce289f6442fcc067c3f327c Mon Sep 17 00:00:00 2001
From: lww <12567360+lww12344@user.noreply.gitee.com>
Date: Fri, 7 Jun 2024 19:49:35 +0800
Subject: [PATCH] CVE-2020-36024
---
 poppler-20.11.0-fix-crash-in-FoFiType1C.patch | 45 +++++++++++++++++++
 poppler.spec | 7 ++-
 2 files changed, 51 insertions(+), 1 deletion(-)
 create mode 100644 poppler-20.11.0-fix-crash-in-FoFiType1C.patch
diff --git a/poppler-20.11.0-fix-crash-in-FoFiType1C.patch b/poppler-20.11.0-fix-crash-in-FoFiType1C.patch
new file mode 100644
index 0000000..80f406c
--- /dev/null
+++ b/poppler-20.11.0-fix-crash-in-FoFiType1C.patch
@@ -0,0 +1,45 @@
+From 3cc28b66132e66ed2dfe13a9a285ac41ac7267d5 Mon Sep 17 00:00:00 2001
+From: Albert Astals Cid
+Date: Wed, 23 Dec 2020 23:27:02 +0100
+Subject: [PATCH] FoFiType1C: Fix crashes with broken files
+
+---
+ fofi/FoFiType1C.cc | 7 +++----
+ 1 file changed, 3 insertions(+), 4 deletions(-)
+
+diff --git a/fofi/FoFiType1C.cc b/fofi/FoFiType1C.cc
+index 0387b0a87..4c2e9a770 100644
+--- a/fofi/FoFiType1C.cc
++++ b/fofi/FoFiType1C.cc
+@@ -194,7 +194,6 @@ void FoFiType1C::convertToType1(const char *psName, const char **newEncoding, bo
+ Type1CIndexVal val;
+ GooString *buf;
+ char buf2[256];
+- const char **enc;
+ bool ok;
+ int i;
+
+@@ -299,9 +298,9 @@ void FoFiType1C::convertToType1(const char *psName, const char **newEncoding, bo
+ } else {
+ (*outputFunc)(outputStream, "256 array\n", 10);
+ (*outputFunc)(outputStream, "0 1 255 {1 index exch /.notdef put} for\n", 40);
+- enc = newEncoding ? newEncoding : (const char **)encoding;
++ const char **enc = newEncoding ? newEncoding : (const char **)encoding;
+ for (i = 0; i < 256; ++i) {
+- if (enc[i]) {
++ if (enc && enc[i]) {
+ buf = GooString::format("dup {0:d} /{1:s} put\n", i, enc[i]);
+ (*outputFunc)(outputStream, buf->c_str(), buf->getLength());
+ delete buf;
+@@ -1945,7 +1944,7 @@ bool FoFiType1C::parse()
+ readPrivateDict(0, 0, &privateDicts[0]);
+ } else {
+ getIndex(topDict.fdArrayOffset, &fdIdx, &parsedOk);
+- if (!parsedOk) {
++ if (!parsedOk || fdIdx.len <= 0) {
+ return false;
+ }
+ nFDs = fdIdx.len;
+--
+GitLab
+
diff --git a/poppler.spec b/poppler.spec
index c25792c..c4aedcd 100644
--- a/poppler.spec
+++ b/poppler.spec
@@ -1,4 +1,4 @@
-%define anolis_release .0.1
+%define anolis_release .0.2
 %global test_sha 0d2bfd4af4c76a3bac27ccaff793d9129df7b57a
 %global test_date 2009-05-13
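Review bot: In the second `convertToType1` hunk of the added patch, `if (enc && enc[i])` re-tests a loop-invariant pointer on each of the 256 iterations, and nothing says why `enc` may be null. Testing it once, with `if (enc) {` around the `for` and the inner test left as `if (enc[i]) {`, states the intent directly. A comment such as `// broken fonts may set neither newEncoding nor encoding; the array then stays all /.notdef` would document it, though the cause is inferred from the commit subject, so confirm the wording. The `fdIdx.len <= 0` guard in `parse()` likewise deserves a short comment saying that an empty FDArray is rejected before `nFDs` is assigned. Both functions begin and end outside the hunks, and because this file is an upstream backport the change belongs upstream first.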
@@ -46,6 +46,8 @@ Patch28: poppler-20.11.0-check-isDict.patch
 # https://bugzilla.redhat.com/show_bug.cgi?id=2189810
 Patch29: poppler-20.11.0-XRef-check-isDict.patch
+Patch30: poppler-20.11.0-fix-crash-in-FoFiType1C.patch
+
 BuildRequires: cmake
 BuildRequires: gettext-devel
 BuildRequires: pkgconfig(cairo)
@@ -261,6 +263,9 @@ test "$(pkg-config --modversion poppler-splash)" = "%{version}"
 %doc README.md
 %changelog
+* Fri Jun 07 2024 lutw - 21.01.0-10.0.2
+- Fix CVE-2020-36024
+
 * Fri Dec 08 2023 liuzhilin - 21.01.0-10.0.1
 - Add doc sub package
 - Add BR mesa-libEGL-devel
--
Gitee
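Review bot: `Patch30` is added without the provenance comment that the entry above it carries (`Patch29` is preceded by its bugzilla URL). For a CVE backport the spec should record where the fix came from, for example `# CVE-2020-36024, upstream commit 3cc28b66132e66ed2dfe13a9a285ac41ac7267d5` on the line before `Patch30:`; the hash is the one in the patch file's own header. That lets a later rebase or audit check whether the patch still matches upstream or can be dropped.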