From: Michael R Sweet <michael.r.sweet@gmail.com>
Date: Thu, 1 Apr 2021 09:47:56 -0400
Subject: CVE-2021-23165

Fix a number-up crash bug (Issue #413)

Origin: upstream, https://github.com/michaelrsweet/htmldoc/commit/6e8a95561988500b5b5ae4861b3b0cbf4fba517f
Bug: https://github.com/michaelrsweet/htmldoc/issues/413
Bug-Debian: https://bugs.debian.org/989437
---
 htmldoc/ps-pdf.cxx | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/htmldoc/ps-pdf.cxx b/htmldoc/ps-pdf.cxx
index 8804df4..7fbc345 100644
--- a/htmldoc/ps-pdf.cxx
+++ b/htmldoc/ps-pdf.cxx
@@ -1318,7 +1318,7 @@ pspdf_prepare_outpages()
     chapter_outstarts[c] = num_outpages;
 
     for (i = chapter_starts[c], j = 0, nup = -1, page = pages + i;
-         i <= chapter_ends[c];
+         i <= chapter_ends[c] && num_outpages < num_pages;
 	 i ++, page ++)
     {
       if (nup != page->nup)