Description: Sanity check for memory allocation. In gs_heap_alloc_bytes(), add a sanity check to ensure we don't overflow the variable holding the actual number of bytes we allocate. Origin: upstream, http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=0c0b085 Author: Chris Liddell Forwarded: yes Bug-Debian: http://bugs.debian.org/793489 Last-Update: 2015-07-26 --- a/base/gsmalloc.c +++ b/base/gsmalloc.c @@ -178,7 +178,7 @@ } else { uint added = size + sizeof(gs_malloc_block_t); - if (mmem->limit - added < mmem->used) + if (added <= size || mmem->limit - added < mmem->used) set_msg("exceeded limit"); else if ((ptr = (byte *) Memento_label(malloc(added), cname)) == 0) set_msg("failed");