[poppler/f20] Check for invalid matrix in annotation

[mkasik]

commit fed26b16ef876243b6a980e0bb76aefae2300d9e
Author: Marek Kasik <mkasik at redhat.com>
Date:   Mon Feb 23 13:14:03 2015 +0100

    Check for invalid matrix in annotation
    
    Resolves: #1167020

 poppler-0.24.3-invalid-matrix.patch | 43 +++++++++++++++++++++++++++++++++++++
 poppler.spec                        | 10 ++++++++-
 2 files changed, 52 insertions(+), 1 deletion(-)
---
diff --git a/poppler-0.24.3-invalid-matrix.patch b/poppler-0.24.3-invalid-matrix.patch
new file mode 100644
index 0000000..3f52cf8
--- /dev/null
+++ b/poppler-0.24.3-invalid-matrix.patch
@@ -0,0 +1,43 @@
+From acc33a6950031ac4a5c759d043d24df0cfa7e8b6 Mon Sep 17 00:00:00 2001
+From: Jason Crain <jason at aquaticape.us>
+Date: Sat, 20 Dec 2014 02:24:49 -0600
+Subject: [PATCH] Check for invalid matrix in annotation
+
+Bug #84990
+---
+ poppler/Gfx.cc | 12 ++++++++++--
+ 1 file changed, 10 insertions(+), 2 deletions(-)
+
+diff --git a/poppler/Gfx.cc b/poppler/Gfx.cc
+index 64a9d7b..77693f9 100644
+--- a/poppler/Gfx.cc
++++ b/poppler/Gfx.cc
+@@ -37,6 +37,7 @@
+ // Copyright (C) 2012 Even Rouault <even.rouault at mines-paris.org>
+ // Copyright (C) 2012, 2013 Fabio D'Urso <fabiodurso at hotmail.it>
+ // Copyright (C) 2012 Lu Wang <coolwanglu at gmail.com>
++// Copyright (C) 2014 Jason Crain <jason at aquaticape.us>
+ //
+ // To see a description of the changes please see the Changelog file that
+ // came with your tarball or type make ChangeLog if you are building from git
+@@ -5219,8 +5220,15 @@ void Gfx::drawAnnot(Object *str, AnnotBorder *border, AnnotColor *aColor,
+     if (matrixObj.isArray() && matrixObj.arrayGetLength() >= 6) {
+       for (i = 0; i < 6; ++i) {
+ 	matrixObj.arrayGet(i, &obj1);
+-	m[i] = obj1.getNum();
+-	obj1.free();
++	if (likely(obj1.isNum())) {
++	  m[i] = obj1.getNum();
++	  obj1.free();
++	} else {
++	  obj1.free();
++	  matrixObj.free();
++	  error(errSyntaxError, getPos(), "Bad form matrix");
++	  return;
++	}
+       }
+     } else {
+       m[0] = 1; m[1] = 0;
+-- 
+2.1.0
+
diff --git a/poppler.spec b/poppler.spec
index a6ce7f3..029bdd2 100644
--- a/poppler.spec
+++ b/poppler.spec
@@ -2,7 +2,7 @@
 Summary: PDF rendering library
 Name:    poppler
 Version: 0.24.3
-Release: 5%{?dist}
+Release: 6%{?dist}
 License: (GPLv2 or GPLv3) and GPLv2+ and LGPLv2+ and MIT
 Group:   Development/Libraries
 URL:     http://poppler.freedesktop.org/
@@ -17,6 +17,9 @@ Patch2: poppler-0.24.3-fofitype1.patch
 Patch3: poppler-0.24.3-pdfdoc-getpage.patch
 Patch4: poppler-0.24.3-xref-getentry.patch
 
+# https://bugzilla.redhat.com/show_bug.cgi?id=1167020
+Patch5: poppler-0.24.3-invalid-matrix.patch
+
 ## upstreamable patches
 # fix configure checks for moc versions
 Patch50: poppler-0.24.2-mocversiongrep.patch
@@ -159,6 +162,7 @@ Requires: %{name}-glib%{?_isa} = %{version}-%{release}
 %patch2 -p1 -b .fofitype1
 %patch3 -p1 -b .pdfdoc-getpage
 %patch4 -p1 -b .xref-getentry
+%patch5 -p1 -b .invalid-matrix
 %patch50 -p1 -b .mocversiongrep
 
 # hammer to nuke rpaths, recheck on new releases
@@ -293,6 +297,10 @@ test "$(pkg-config --modversion poppler-splash)" = "%{version}"
 
 
 %changelog
+* Mon Feb 23 2015 Marek Kasik <mkasik at redhat.com> - 0.24.3-5
+- Check for invalid matrix in annotation
+- Resolves: #1167020
+
 * Fri Dec 12 2014 Marek Kasik <mkasik at redhat.com> - 0.24.3-5
 - Fix several crashers