From f08ea6816f7d0444886983b165bc3890fb9f171f Mon Sep 17 00:00:00 2001
From: lingsheng <860373352@qq.com>
Date: Tue, 4 Nov 2025 15:11:25 +0800
Subject: [PATCH] fix CVE-2020-36024

(cherry picked from commit fbab55bfc502ceb7212a71f0b85ac76418fa99a0)
---
 backport-CVE-2020-36024.patch | 47 +++++++++++++++++++++++++++++++++++
 poppler.spec | 6 ++++-
 2 files changed, 52 insertions(+), 1 deletion(-)
 create mode 100644 backport-CVE-2020-36024.patch

diff --git a/backport-CVE-2020-36024.patch b/backport-CVE-2020-36024.patch
new file mode 100644
index 0000000..59359db
--- /dev/null
+++ b/backport-CVE-2020-36024.patch
@@ -0,0 +1,47 @@
+From 3cc28b66132e66ed2dfe13a9a285ac41ac7267d5 Mon Sep 17 00:00:00 2001
+From: Albert Astals Cid
+Date: Wed, 23 Dec 2020 23:27:02 +0100
+Subject: [PATCH] FoFiType1C: Fix crashes with broken files
+
+Reference:https://gitlab.freedesktop.org/poppler/poppler/-/commit/3cc28b66132e66ed2dfe13a9a285ac41ac7267d5
+Conflict:Adapt context
+---
+ fofi/FoFiType1C.cc | 7 +++----
+ 1 file changed, 3 insertions(+), 4 deletions(-)
+
+diff --git a/fofi/FoFiType1C.cc b/fofi/FoFiType1C.cc
+index c8241f2..52bfa56 100644
+--- a/fofi/FoFiType1C.cc
++++ b/fofi/FoFiType1C.cc
+@@ -199,7 +199,6 @@ void FoFiType1C::convertToType1(const char *psName, const char **newEncoding, bo
+ Type1CIndexVal val;
+ GooString *buf;
+ char buf2[256];
+- const char **enc;
+ bool ok;
+ int i;
+ 
+@@ -311,9 +310,9 @@ void FoFiType1C::convertToType1(const char *psName, const char **newEncoding, bo
+ (*outputFunc)(outputStream, "256 array\n", 10);
+ (*outputFunc)(outputStream,
+ "0 1 255 {1 index exch /.notdef put} for\n", 40);
+- enc = newEncoding ? newEncoding : (const char **)encoding;
++ const char **enc = newEncoding ? newEncoding : (const char **)encoding;
+ for (i = 0; i < 256; ++i) {
+- if (enc[i]) {
++ if (enc && enc[i]) {
+ buf = GooString::format("dup {0:d} /{1:s} put\n", i, enc[i]);
+ (*outputFunc)(outputStream, buf->c_str(), buf->getLength());
+ delete buf;
+@@ -2029,7 +2028,7 @@ bool FoFiType1C::parse() {
+ readPrivateDict(0, 0, &privateDicts[0]);
+ } else {
+ getIndex(topDict.fdArrayOffset, &fdIdx, &parsedOk);
+- if (!parsedOk) {
++ if (!parsedOk || fdIdx.len <= 0) {
+ return false;
+ }
+ nFDs = fdIdx.len;
+-- 
+2.33.0
+
diff --git a/poppler.spec b/poppler.spec
index cb01de8..96b6556 100644
--- a/poppler.spec
+++ b/poppler.spec
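Review bot: In the second hunk of the embedded FoFiType1C.cc patch (convertToType1), the added `enc &&` test is loop-invariant, so it is re-checked on all 256 iterations and the reason `enc` can be null stays implicit. I would guard the loop once, `if (enc) { for (i = 0; i < 256; ++i) { ... } }`, and add a comment such as `// encoding is presumably null when a malformed font yields no encoding table; only the .notdef defaults are emitted then`. The `fdIdx.len <= 0` check in the third hunk (parse()) deserves a similar one-line comment, since `nFDs = fdIdx.len;` follows directly and an empty or negative count must be rejected before that assignment. Both function bodies start and end outside the hunks, and the backport is marked `Conflict:Adapt context`, so it is worth confirming in the 0.90.0 tree that no other reader of `encoding` or `nFDs` still assumes a non-null table or a positive count. The change also adds no regression test; a malformed-font case in the package's check stage would keep the fix from being lost on a later rebase.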
@@ -4,7 +4,7 @@ Summary: PDF rendering library Name: poppler Version: 0.90.0 -Release: 16 +Release: 17 License: (GPLv2 or GPLv3) and GPLv2+ and LGPLv2+ and MIT URL: http://poppler.freedesktop.org/ Source0: http://poppler.freedesktop.org/poppler-%{version}.tar.xz @@ -33,6 +33,7 @@ Patch6015: backport-CVE-2025-50420.patch Patch6016: backport-CVE-2025-43718.patch Patch6017: backport-CVE-2025-52885.patch Patch6018: backport-CVE-2025-43903.patch +Patch6019: backport-CVE-2020-36024.patch BuildRequires: cmake BuildRequires: gcc-c++ @@ -233,6 +234,9 @@ test "$(pkg-config --modversion poppler-splash)" = "%{version}" %{_mandir}/man1/* %changelog +* Tue Nov 04 2025 lingsheng - 0.90.0-17 +- fix CVE-2020-36024 + * Mon Oct 20 2025 lingsheng - 0.90.0-16 - fix CVE-2025-43903 -- Gitee