From: Ray Johnston <ray.johnston@artifex.com>
Date: Wed, 19 Jul 2017 22:05:33 -0700
Subject: Fix Bug 696398: Segfault with fuzzing file.
Origin: http://git.ghostscript.com/?p=ghostpdl.git;h=983e56cb679768fe5a048fbb33a43259efb9afbf
Bug: https://bugs.ghostscript.com/show_bug.cgi?id=696398

Integer overflow caused a later failure even if allocation of the
ht_buffer succeeded.  Detect overflow, return error.
---
 base/gxht_thresh.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/base/gxht_thresh.c b/base/gxht_thresh.c
index 35f8e3f57..3fb840213 100644
--- a/base/gxht_thresh.c
+++ b/base/gxht_thresh.c
@@ -711,6 +711,9 @@ gxht_thresh_image_init(gx_image_enum *penum)
            space */
         max_height = (int) ceil(fixed2float(any_abs(penum->dst_height)) /
                                             (float) penum->Height);
+        if ((max_height > 0) && (penum->ht_stride * spp_out > max_int / max_height))
+            return -1;         /* overflow */
+
         penum->ht_buffer =
                         gs_alloc_bytes(penum->memory,
                            penum->ht_stride * max_height * spp_out,
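Review bot: The added guard still evaluates `penum->ht_stride * spp_out` before comparing it with `max_int / max_height`, so if both operands are plain `int` (their declarations are not in the hunk) that intermediate product can itself overflow on malformed input and the comparison stops being meaningful. The guard is also skipped entirely when `max_height <= 0`, which the `(int) ceil(...)` cast above may yield for a zero or out-of-range height ratio, leaving the allocation below sized zero or negative. I would reject the non-positive case and bound each factor separately ahead of the existing comparison, e.g. `if (max_height <= 0 || spp_out <= 0 || penum->ht_stride > max_int / spp_out) return -1;`. gxht_thresh_image_init starts and ends outside the hunk, so whether earlier code already bounds these values needs confirming.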
-- 
2.17.0

