From: Chris Liddell <chris.liddell@artifex.com>
Date: Mon, 17 Jul 2023 14:06:37 +0100
Subject: Bug 706897: Copy pcx buffer overrun fix from devices/gdevpcx.c
Origin: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=d81b82c70bc1fb9991bb95f1201abb5dea55f57f
Bug-Debian: https://bugs.debian.org/1043033
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2023-38559

Bounds check the buffer, before dereferencing the pointer.
---
 base/gdevdevn.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/base/gdevdevn.c b/base/gdevdevn.c
index 7b14d9c712b4..6351fb77ac75 100644
--- a/base/gdevdevn.c
+++ b/base/gdevdevn.c
@@ -1983,7 +1983,7 @@ devn_pcx_write_rle(const byte * from, const byte * end, int step, gp_file * file
         byte data = *from;
 
         from += step;
-        if (data != *from || from == end) {
+        if (from >= end || data != *from) {
             if (data >= 0xc0)
                 gp_fputc(0xc1, file);
         } else {
-- 
2.40.1