From eb0f2e1044d274e1f05ed8eff0f39332f9919a5d Mon Sep 17 00:00:00 2001
From: lingsheng <860373352@qq.com>
Date: Tue, 25 Jun 2024 10:41:10 +0000
Subject: [PATCH] fix CVE-2024-6239

---
 backport-CVE-2024-6239.patch | 112 +++++++++++++++++++++++++++++++++++
 poppler.spec                 |  10 +++-
 2 files changed, 121 insertions(+), 1 deletion(-)
 create mode 100644 backport-CVE-2024-6239.patch

diff --git a/backport-CVE-2024-6239.patch b/backport-CVE-2024-6239.patch
new file mode 100644
index 0000000..800b961
--- /dev/null
+++ b/backport-CVE-2024-6239.patch
@@ -0,0 +1,112 @@
+From 0554731052d1a97745cb179ab0d45620589dd9c4 Mon Sep 17 00:00:00 2001
+From: Albert Astals Cid <aacid@kde.org>
+Date: Fri, 7 Jun 2024 00:54:55 +0200
+Subject: [PATCH] pdfinfo: Fix crash in broken documents when using -dests
+
+Reference:https://gitlab.freedesktop.org/poppler/poppler/-/commit/0554731052d1a97745cb179ab0d45620589dd9c4
+Conflict:adapt context and patch line numbers
+---
+ utils/pdfinfo.cc | 35 +++++++++++++++--------------------
+ 1 file changed, 15 insertions(+), 20 deletions(-)
+
+diff --git a/utils/pdfinfo.cc b/utils/pdfinfo.cc
+index 5d37ef64f..7d569749b 100644
+--- a/utils/pdfinfo.cc
++++ b/utils/pdfinfo.cc
+@@ -15,7 +15,7 @@
+ // under GPL version 2 or later
+ //
+ // Copyright (C) 2006 Dom Lachowicz <cinamod@hotmail.com>
+-// Copyright (C) 2007-2010, 2012, 2016-2022 Albert Astals Cid <aacid@kde.org>
++// Copyright (C) 2007-2010, 2012, 2016-2022, 2024 Albert Astals Cid <aacid@kde.org>
+ // Copyright (C) 2010 Hib Eris <hib@hiberis.nl>
+ // Copyright (C) 2011 Vittal Aithal <vittal.aithal@cognidox.com>
+ // Copyright (C) 2012, 2013, 2016-2018, 2021 Adrian Johnson <ajohnson@redneon.com>
+@@ -112,18 +112,23 @@ static const ArgDesc argDesc[] = { { "-f", argInt, &firstPage, 0, "first page to
+                                    { "-?", argFlag, &printHelp, 0, "print usage information" },
+                                    {} };
+ 
+-static void printTextString(const GooString *s, const UnicodeMap *uMap)
++static void printStdTextString(const std::string &s, const UnicodeMap *uMap)
+ {
+     Unicode *u;
+     char buf[8];
+-    int len = TextStringToUCS4(s->toStr(), &u);
++    int len = TextStringToUCS4(s, &u);
+     for (int i = 0; i < len; i++) {
+         int n = uMap->mapUnicode(u[i], buf, sizeof(buf));
+         fwrite(buf, 1, n, stdout);
+     }
+     gfree(u);
+ }
+ 
++static void printTextString(const GooString *s, const UnicodeMap *uMap)
++{
++    printStdTextString(s->toStr(), uMap);
++}
++
+ static void printUCS4String(const Unicode *u, int len, const UnicodeMap *uMap)
+ {
+     char buf[8];
+@@ -295,11 +300,6 @@ static void printStruct(const StructElement *element, unsigned indent)
+     }
+ }
+ 
+-struct GooStringCompare
+-{
+-    bool operator()(GooString *lhs, GooString *rhs) const { return lhs->cmp(const_cast<GooString *>(rhs)) < 0; }
+-};
+-
+ static void printLinkDest(const std::unique_ptr<LinkDest> &dest)
+ {
+     GooString s;
+@@ -370,29 +370,25 @@ static void printLinkDest(const std::unique_ptr<LinkDest> &dest)
+ 
+ static void printDestinations(PDFDoc *doc, const UnicodeMap *uMap)
+ {
+-    std::map<Ref, std::map<GooString *, std::unique_ptr<LinkDest>, GooStringCompare>> map;
++    std::map<Ref, std::map<std::string, std::unique_ptr<LinkDest>>> map;
+ 
+     int numDests = doc->getCatalog()->numDestNameTree();
+     for (int i = 0; i < numDests; i++) {
+-        GooString *name = new GooString(doc->getCatalog()->getDestNameTreeName(i));
++        const GooString *name = doc->getCatalog()->getDestNameTreeName(i);
+         std::unique_ptr<LinkDest> dest = doc->getCatalog()->getDestNameTreeDest(i);
+-        if (dest && dest->isPageRef()) {
++        if (name && dest && dest->isPageRef()) {
+             Ref pageRef = dest->getPageRef();
+-            map[pageRef].insert(std::make_pair(name, std::move(dest)));
+-        } else {
+-            delete name;
++            map[pageRef].insert(std::make_pair(name->toStr(), std::move(dest)));
+         }
+     }
+ 
+     numDests = doc->getCatalog()->numDests();
+     for (int i = 0; i < numDests; i++) {
+-        GooString *name = new GooString(doc->getCatalog()->getDestsName(i));
++        const char *name = doc->getCatalog()->getDestsName(i);
+         std::unique_ptr<LinkDest> dest = doc->getCatalog()->getDestsDest(i);
+-        if (dest && dest->isPageRef()) {
++        if (name && dest && dest->isPageRef()) {
+             Ref pageRef = dest->getPageRef();
+             map[pageRef].insert(std::make_pair(name, std::move(dest)));
+-        } else {
+-            delete name;
+         }
+     }
+ 
+@@ -406,9 +402,8 @@ static void printDestinations(PDFDoc *doc, const UnicodeMap *uMap)
+                     printf("%4d ", i);
+                     printLinkDest(it.second);
+                     printf(" \"");
+-                    printTextString(it.first, uMap);
++                    printStdTextString(it.first, uMap);
+                     printf("\"\n");
+-                    delete it.first;
+                 }
+             }
+         }
+-- 
+GitLab
+
diff --git a/poppler.spec b/poppler.spec
index 11e894c..81ea013 100644
--- a/poppler.spec
+++ b/poppler.spec
@@ -8,7 +8,7 @@
 
 Name:    poppler
 Version: 23.12.0
-Release: 2
+Release: 3
 Summary: PDF rendering library
 License: GPLv2+ and LGPLv2+ and MIT
 URL:     http://poppler.freedesktop.org/
@@ -18,6 +18,8 @@ Source1: %{name}-test-%{test_date}-%{test_sha}.tar.xz
 Patch1:  poppler-0.90.0-position-independent-code.patch
 Patch3:  poppler-21.01.0-glib-introspection.patch
 
+Patch6000: backport-CVE-2024-6239.patch
+
 BuildRequires: make
 BuildRequires: cmake
 BuildRequires: gcc-c++
@@ -260,6 +262,12 @@ test "$(pkg-config --modversion poppler-qt6)" = "%{version}"
 %{_mandir}/man1/*
 
 %changelog
+* Tue Jun 25 2024 lingsheng <lingsheng1@h-partners.com> - 23.12.0-3
+- Type:CVE
+- CVE:CVE-2024-6239
+- SUG:NA
+- DESC:fix CVE-2024-6239
+
 * Tue Apr 16 2024 Wenlong Zhang <zhangwenlong@loongson.cn> - 23.12.0-2
 - disable qt6 for loongarch64