diff --git a/rpm-4.13.0-fix-crash-on-corrupted.patch b/rpm-4.13.0-fix-crash-on-corrupted.patch
new file mode 100644
index 0000000..fd93a54
--- /dev/null
+++ b/rpm-4.13.0-fix-crash-on-corrupted.patch
@@ -0,0 +1,59 @@
+From 9c36ca411332d2718eca339e867561c39abc256b Mon Sep 17 00:00:00 2001
+From: Lubos Kardos
+Date: Fri, 6 Nov 2015 14:49:59 +0100
+Subject: [PATCH] Fix crash when parsing corrupted RPM file (rhbz:1273360)
+
+---
+ lib/legacy.c | 14 ++++++++------
+ 1 file changed, 8 insertions(+), 6 deletions(-)
+
+diff --git a/lib/legacy.c b/lib/legacy.c
+index 422c2b0..8ba7bbd 100644
+--- a/lib/legacy.c
++++ b/lib/legacy.c
+@@ -25,7 +25,7 @@ static void compressFilelist(Header h)
+ char ** dirNames;
+ const char ** baseNames;
+ uint32_t * dirIndexes;
+- rpm_count_t count;
++ rpm_count_t count, realCount = 0;
+ int i;
+ int dirIndex = -1;
+
+@@ -58,6 +58,7 @@ static void compressFilelist(Header h)
+ while ((i = rpmtdNext(&fileNames)) >= 0) {
+ dirIndexes[i] = dirIndex;
+ baseNames[i] = rpmtdGetString(&fileNames);
++ realCount++;
+ }
+ goto exit;
+ }
+@@ -87,19 +88,20 @@ static void compressFilelist(Header h)
+ (needle = bsearch(&filename, dirNames, dirIndex + 1, sizeof(dirNames[0]), dncmp)) == NULL) {
+ char *s = xmalloc(len + 1);
+ rstrlcpy(s, filename, len + 1);
+- dirIndexes[i] = ++dirIndex;
++ dirIndexes[realCount] = ++dirIndex;
+ dirNames[dirIndex] = s;
+ } else
+- dirIndexes[i] = needle - dirNames;
++ dirIndexes[realCount] = needle - dirNames;
+
+ *baseName = savechar;
+- baseNames[i] = baseName;
++ baseNames[realCount] = baseName;
++ realCount++;
+ }
+
+ exit:
+ if (count > 0) {
+- headerPutUint32(h, RPMTAG_DIRINDEXES, dirIndexes, count);
+- headerPutStringArray(h, RPMTAG_BASENAMES, baseNames, count);
++ headerPutUint32(h, RPMTAG_DIRINDEXES, dirIndexes, realCount);
++ headerPutStringArray(h, RPMTAG_BASENAMES, baseNames, realCount);
+ headerPutStringArray(h, RPMTAG_DIRNAMES,
+ (const char **) dirNames, dirIndex + 1);
+ }
+--
+1.9.3
+
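Review bot: The guard at `exit:` in the third lib/legacy.c hunk still tests `count`, while the headerPut* calls under it now write `realCount` entries. If every entry of a corrupted file list is skipped, `realCount` stays 0 and `dirIndex + 1` is presumably 0 too, so the three tags are written with zero elements; what headerPut* does with a zero count is not visible here. I would change the guard to `if (realCount > 0) {` so that a header with no usable file names gets no BASENAMES/DIRNAMES/DIRINDEXES at all. The source-RPM loop in the second hunk still indexes with `i` and stores the result of `rpmtdGetString()` unchecked; if the main loop skips NULL strings (that condition is outside the hunks), the same check is probably needed there. The body of compressFilelist starts and ends outside the visible hunks.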
diff --git a/rpm.spec b/rpm.spec index 1df09c8..1ad3d84 100644 --- a/rpm.spec +++ b/rpm.spec @@ -29,7 +29,7 @@ Summary: The RPM package management system Name: rpm Version: %{rpmver} -Release: %{?snapver:0.%{snapver}.}6%{?dist} +Release: %{?snapver:0.%{snapver}.}7%{?dist} Group: System Environment/Base Url: http://www.rpm.org/ Source0: http://rpm.org/releases/rpm-4.12.x/%{name}-%{srcver}.tar.bz2 @@ -56,6 +56,7 @@ Patch100: rpm-4.13.0-rc1-Fix-new-richdep-syntax.patch Patch101: rpm-4.13.0-selinux--permissive-scriptlets.patch Patch102: rpm-4.13.0-unsupported-keys.patch Patch103: rpm-4.13.0-ignore-sigpipe.patch +Patch104: rpm-4.13.0-fix-crash-on-corrupted.patch # These are not yet upstream Patch302: rpm-4.7.1-geode-i686.patch @@ -558,6 +559,9 @@ exit 0 %doc doc/librpm/html/* %changelog +* Fri Nov 20 2015 Lubos Kardos - 4.13.0-0.rc1.7 +- Fix crash when parsing corrupted RPM file (#1273360) + * Mon Nov 09 2015 Lubos Kardos - 4.13.0-0.rc1.6 - Ignore SIGPIPE signals during execucton of scriptlets (#1264198)