From: Zdenek Hutyra <zhutyra@centrum.cz>
Date: Tue, 23 Jul 2024 11:48:39 +0100
Subject: PostScript interpreter - fix buffer length check
Origin: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=ea69a1388245ad959d31c272b5ba66d40cebba2c
Bug: https://bugs.ghostscript.com/show_bug.cgi?id=707895
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2024-46956

Bug 707895

See bug report for details.

CVE-2024-46956
---
 psi/zfile.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/psi/zfile.c b/psi/zfile.c
index a4f5439cd290..12a0357b41de 100644
--- a/psi/zfile.c
+++ b/psi/zfile.c
@@ -443,7 +443,7 @@ file_continue(i_ctx_t *i_ctx_p)
         if (code == ~(uint) 0) {    /* all done */
             esp -= 6;               /* pop proc, pfen, scratch, devlen, iodev , mark */
             return o_pop_estack;
-        } else if (code > len) {      /* overran string */
+        } else if (code > len - devlen) {      /* overran string */
             return_error(gs_error_rangecheck);
         }
         else if (iodev != iodev_default(imemory)
-- 
2.45.2