diff --git a/cairo-fix-wrong-allocation-in-cairo_pdf_surface_add_source_surface b/cairo-fix-wrong-allocation-in-cairo_pdf_surface_add_source_surface
new file mode 100644
index 0000000..e507b18
--- /dev/null
+++ b/cairo-fix-wrong-allocation-in-cairo_pdf_surface_add_source_surface
@@ -0,0 +1,29 @@
+From: Jeff Mahoney
+Subject: cairo: Fix wrong allocation in _cairo_pdf_surface_add_source_surface
+References: bnc#758422
+
+ _cairo_pdf_surface_add_source_surface allocates unique_id with
+ size unique_id_length but then copies surface_key.unique_id_length into it.
+
+ This causes e.g. evince to crash predictably while trying to print with:
+ *** buffer overflow detected ***: evince terminated
+
+ We should be using surface_key.unique_id_length instead.
+
+Signed-off-by: Jeff Mahoney
+---
+ src/cairo-pdf-surface.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/src/cairo-pdf-surface.c
++++ b/src/cairo-pdf-surface.c
+@@ -1379,7 +1379,7 @@ _cairo_pdf_surface_add_source_surface (c
+ goto release_source;
+
+ if (surface_key.unique_id && surface_key.unique_id_length > 0) {
+- unique_id = malloc (unique_id_length);
++ unique_id = malloc (surface_key.unique_id_length);
+ if (unique_id == NULL) {
+ status = _cairo_error (CAIRO_STATUS_NO_MEMORY);
+ goto release_source;
+
diff --git a/cairo.changes b/cairo.changes
index 8a1bed2..078cc44 100644
--- a/cairo.changes
+++ b/cairo.changes
@@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Sat Apr 21 15:34:36 UTC 2012 - jeffm@suse.com
+
+- Fix wrong allocation in _cairo_pdf_surface_add_source_surface (bnc#758422).
+
 -------------------------------------------------------------------
 Mon Mar 26 18:57:45 UTC 2012 - zaitor@opensuse.org
 
diff --git a/cairo.spec b/cairo.spec
index a4d47e2..f0a597f 100644
--- a/cairo.spec
+++ b/cairo.spec
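Review bot: In the embedded patch for src/cairo-pdf-surface.c, the corrected `malloc (surface_key.unique_id_length)` still leaves two separate length variables next to each other, which is how the allocation size and the copy length came to disagree. The copy itself is outside the hunk, so this is inferred from the patch header, but a comment on the allocation such as `/* size must equal the length passed to the copy of surface_key.unique_id below */` would make the invariant explicit for the next edit. If `unique_id_length` is only assigned after this point, assigning it first and using it for both the allocation and the copy (`unique_id_length = surface_key.unique_id_length;` then `unique_id = malloc (unique_id_length);`) would leave a single source of truth. _cairo_pdf_surface_add_source_surface starts and ends outside the hunk.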
@@ -30,6 +30,7 @@ Source: http://cairographics.org/releases/%{name}-%{version}.tar.gz
 Source99: baselibs.conf
 # PATCH-FIX-UPSTREAM cairo-modules-no-version.patch dimstar@opensuse.org -- Build modules with -module -avoid-version.
 Patch0: cairo-modules-no-version.patch
+Patch1: cairo-fix-wrong-allocation-in-cairo_pdf_surface_add_source_surface
 # These libraries are needed only for tests.
 # Do not enable tests in build systems, it causes build loop!
 #BuildRequires: librsvg-devel poppler-devel
@@ -146,6 +147,7 @@ cairo.
 %prep
 %setup -q
 %patch0 -p1
+%patch1 -p1
 
 %build
 NOCONFIGURE=1 ./autogen.sh
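Review bot: The added `Patch1:` line in the first cairo.spec hunk has no tag comment, while `Patch0` directly above it carries a `# PATCH-FIX-UPSTREAM …` line naming its author and purpose. A comment in the same form, with whichever tag fits the patch's upstream status, would record the origin and bug reference of this memory-safety fix, for example `# PATCH-FIX-UPSTREAM cairo-fix-wrong-allocation-in-cairo_pdf_surface_add_source_surface bnc#758422 jeffm@suse.com -- Fix undersized allocation in _cairo_pdf_surface_add_source_surface.` The patch file name also lacks the `.patch` suffix that `Patch0` uses; whether that is intentional cannot be told from the page.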