diff -r 5ee407fd058a -r e8b0f6b16632 components/desktop/poppler/patches/poppler-05-CVE-2013-1788-CVE-2013-1790.patch
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/desktop/poppler/patches/poppler-05-CVE-2013-1788-CVE-2013-1790.patch Mon Jan 25 14:14:00 2016 -0800
@@ -0,0 +1,94 @@
+Patch taken from the Desktop consolidation.
+See BugDB CR #16768440
+Forward port 16680850 to 12.0 - CVE-2013-1788 CVE-2013-1790 Multiple poppler vul
+for more details.
+
+This problem has already been fixed upstream.
+
+--- poppler-0.14.4/splash/Splash.cc.orig 2013-05-06 17:28:39.078218632 +0530
++++ poppler-0.14.4/splash/Splash.cc 2013-05-06 17:29:42.140592523 +0530
+@@ -1467,11 +1467,14 @@ SplashPath *Splash::makeDashedPath(Splas
+ lineDashStartPhase -= (SplashCoord)i * lineDashTotal;
+ lineDashStartOn = gTrue;
+ lineDashStartIdx = 0;
+- while (lineDashStartPhase >= state->lineDash[lineDashStartIdx]) {
++ while (lineDashStartIdx < state->lineDashLength && lineDashStartPhase >= state->lineDash[lineDashStartIdx]) {
+ lineDashStartOn = !lineDashStartOn;
+ lineDashStartPhase -= state->lineDash[lineDashStartIdx];
+ ++lineDashStartIdx;
+ }
++ if (unlikely(lineDashStartIdx == state->lineDashLength)) {
++ return new SplashPath();
++ }
+
+ dPath = new SplashPath();
+
+--- poppler-0.14.4/poppler/Function.cc.orig 2013-05-06 17:30:41.028643270 +0530
++++ poppler-0.14.4/poppler/Function.cc 2013-05-06 17:31:58.136702341 +0530
+@@ -13,7 +13,7 @@
+ // All changes made under the Poppler project to this file are licensed
+ // under GPL version 2 or later
+ //
+-// Copyright (C) 2006, 2008-2010 Albert Astals Cid
++// Copyright (C) 2006, 2008-2010, 2013 Albert Astals Cid
+ // Copyright (C) 2006 Jeff Muizelaar
+ //
+ // To see a description of the changes please see the Changelog file that
+@@ -982,6 +982,10 @@ void PSStack::copy(int n) {
+ error(-1, "Stack underflow in PostScript function");
+ return;
+ }
++ if (unlikely(sp - n > psStackSize)) {
++ error(-1, "Stack underflow in PostScript function");
++ return;
++ }
+ if (!checkOverflow(n)) {
+ return;
+ }
+--- poppler-0.14.4/poppler/Stream.cc.orig 2013-05-06 17:32:19.852360960 +0530
++++ poppler-0.14.4/poppler/Stream.cc 2013-05-06 17:40:27.582769658 +0530
+@@ -14,7 +14,7 @@
+ // under GPL version 2 or later
+ //
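Review bot: The guard added to PSStack::copy evaluates `sp - n` in signed int arithmetic before `n` has been range-checked, so an extreme negative count can overflow the subtraction (undefined behaviour) and the test may not fire. For a non-negative `n` the new condition can only be true if `sp` already exceeds `psStackSize`, so in effect it is a negative-count check; written as `if (unlikely(n < 0)) {` it needs no arithmetic, and it deserves its own message (for example `"Invalid count in PostScript copy"`) instead of a second "Stack underflow". The count presumably originates in the document's PostScript function and should be treated as untrusted. The rest of copy() lies outside the hunk, so confirm that nothing relies on a negative `n` before tightening the test.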
+ // Copyright (C) 2005 Jeff Muizelaar
+-// Copyright (C) 2006-2009 Albert Astals Cid
++// Copyright (C) 2006-2010, 2012, 2013 Albert Astals Cid
+ // Copyright (C) 2007 Krzysztof Kowalczyk
+ // Copyright (C) 2008 Julien Rebetez
+ // Copyright (C) 2009 Carlos Garcia Campos
+@@ -1579,8 +1579,9 @@ int CCITTFaxStream::lookChar() {
+ for (i = 0; codingLine[i] < columns; ++i) {
+ refLine[i] = codingLine[i];
+ }
+- refLine[i++] = columns;
+- refLine[i] = columns;
++ for (; i < columns + 2; ++i) {
++ refLine[i] = columns;
++ }
+ codingLine[0] = 0;
+ a0i = 0;
+ b1i = 0;
+@@ -2116,7 +2117,8 @@ GBool CCITTFaxStream::isBinary(GBool las
+
+ // clip [-256,511] --> [0,255]
+ #define dctClipOffset 256
+-static Guchar dctClip[768];
++#define dctClipLength 768
++static Guchar dctClip[dctClipLength];
+ static int dctClipInit = 0;
+
+ // zig zag decode map
+@@ -3062,7 +3064,12 @@ void DCTStream::transformDataUnit(Gushor
+
+ // convert to 8-bit integers
+ for (i = 0; i < 64; ++i) {
+- dataOut[i] = dctClip[dctClipOffset + 128 + ((dataIn[i] + 8) >> 4)];
++ const int ix = dctClipOffset + 128 + ((dataIn[i] + 8) >> 4);
++ if (unlikely(ix < 0 || ix >= dctClipLength)) {
++ dataOut[i] = 0;
++ } else {
++ dataOut[i] = dctClip[ix];
++ }
+ }
+ }
+
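Review bot: The copy loop directly above the new fill loop in CCITTFaxStream::lookChar still terminates only on a `codingLine[i] >= columns` entry and puts no bound on `i`. Both the read of `codingLine` and the write to `refLine` therefore depend on that terminator being present in state built from the decoded stream. Bounding it by index as well, `for (i = 0; i < columns && codingLine[i] < columns; ++i) {`, makes the pair of loops safe without relying on the sentinel. The `columns + 2` limit of the new loop must match the allocation of `refLine`, which is not visible in this hunk; a comment beside it naming that allocation size would keep the two in step.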
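Review bot: In DCTStream::transformDataUnit the new bounds check stores 0 for every index outside `dctClip`, so a value that overshoots the top of the table comes out as the minimum sample, not the maximum, and malformed input is absorbed with no diagnostic. If the table saturates as its comment says (`// clip [-256,511] --> [0,255]`), clamping preserves that behaviour: `dataOut[i] = ix < 0 ? 0 : (ix >= dctClipLength ? 255 : dctClip[ix]);`. Whichever value is chosen, a comment such as `// ix comes from decoded image data; out of range means a corrupt stream` would record why the check exists. The function body starts outside the hunk, so the type and range of `dataIn` should be confirmed there.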