fix for CVE-2023-38559

Resolves: rhbz#2224372

ghostscript-9.54.0-CVE-2023-38559.patch

@@ -0,0 +1,27 @@
+From d81b82c70bc1fb9991bb95f1201abb5dea55f57f Mon Sep 17 00:00:00 2001
+From: Chris Liddell <chris.liddell@artifex.com>
+Date: Mon, 17 Jul 2023 14:06:37 +0100
+Subject: [PATCH] Bug 706897: Copy pcx buffer overrun fix from
+ devices/gdevpcx.c
+
+Bounds check the buffer, before dereferencing the pointer.
+---
+ base/gdevdevn.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/base/gdevdevn.c b/base/gdevdevn.c
+index 7b14d9c71..6351fb77a 100644
+--- a/base/gdevdevn.c
++++ b/base/gdevdevn.c
+@@ -1983,7 +1983,7 @@ devn_pcx_write_rle(const byte * from, const byte * end, int step, gp_file * file
+         byte data = *from;
+ 
+         from += step;
+-        if (data != *from || from == end) {
++        if (from >= end || data != *from) {
+             if (data >= 0xc0)
+                 gp_fputc(0xc1, file);
+         } else {
+-- 
+2.41.0
+

ghostscript.spec

@@ -42,7 +42,7 @@
 Name:             ghostscript
 Summary:          Interpreter for PostScript language & PDF
 Version:          9.54.0
-Release:          12%{?dist}
+Release:          13%{?dist}
 
 License:          AGPLv3+
 
@@ -111,6 +111,7 @@ Patch006: ghostscript-9.54.0-ESC-Page-driver-does-not-set-page-size-correctly.pa
 Patch007: ghostscript-9.54.0-pdfwrite-Substituted-TTF-CIDFont-CID-hand.patch
 Patch008: ghostscript-9.54.0-CVE-2023-28879.patch
 Patch009: ghostscript-9.54.0-CVE-2023-36664.patch
+Patch010: ghostscript-9.54.0-CVE-2023-38559.patch
 
 # Downstream patches -- these should be always included when doing rebase:
 # ------------------
@@ -444,6 +445,11 @@ done
 # =============================================================================
 
 %changelog
+
+* Fri Aug 04 2023 Richard Lescak <rlescak@redhat.com> - 9.54.0-13
+- fix for CVE-2023-38559
+- Resolves: rhbz#2224372
+
 * Tue Aug 01 2023 Richard Lescak <rlescak@redhat.com> - 9.54.0-12
 - fix for CVE-2023-36664
 - Resolves: rhbz#2217810