From f9092f6545a7cca0a6ce0271fbea77c75a2dae35 Mon Sep 17 00:00:00 2001
From: Richard Lescak <rlescak@redhat.com>
Date: Fri, 4 Aug 2023 15:38:17 +0200
Subject: [PATCH] fix for CVE-2023-38559

Resolves: rhbz#2224371
---
 ghostscript-9.27-CVE-2023-38559.patch | 27 +++++++++++++++++++++++++++
 ghostscript.spec                      |  7 ++++++-
 2 files changed, 33 insertions(+), 1 deletion(-)
 create mode 100644 ghostscript-9.27-CVE-2023-38559.patch

diff --git a/ghostscript-9.27-CVE-2023-38559.patch b/ghostscript-9.27-CVE-2023-38559.patch
new file mode 100644
index 0000000..74e6fb8
--- /dev/null
+++ b/ghostscript-9.27-CVE-2023-38559.patch
@@ -0,0 +1,27 @@
+From d81b82c70bc1fb9991bb95f1201abb5dea55f57f Mon Sep 17 00:00:00 2001
+From: Chris Liddell <chris.liddell@artifex.com>
+Date: Mon, 17 Jul 2023 14:06:37 +0100
+Subject: [PATCH] Bug 706897: Copy pcx buffer overrun fix from
+ devices/gdevpcx.c
+
+Bounds check the buffer, before dereferencing the pointer.
+---
+ base/gdevdevn.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/base/gdevdevn.c b/base/gdevdevn.c
+index 7b14d9c71..6351fb77a 100644
+--- a/base/gdevdevn.c
++++ b/base/gdevdevn.c
+@@ -1983,7 +1983,7 @@ devn_pcx_write_rle(const byte * from, const byte * end, int step, gp_file * file
+         byte data = *from;
+ 
+         from += step;
+-        if (data != *from || from == end) {
++        if (from >= end || data != *from) {
+             if (data >= 0xc0)
+                 putc(0xc1, file);
+         } else {
+-- 
+2.41.0
+
diff --git a/ghostscript.spec b/ghostscript.spec
index 315fadb..a9a73eb 100644
--- a/ghostscript.spec
+++ b/ghostscript.spec
@@ -37,7 +37,7 @@
 Name:             ghostscript
 Summary:          Interpreter for PostScript language & PDF
 Version:          9.27
-Release:          9%{?dist}
+Release:          10%{?dist}
 
 License:          AGPLv3+
 
@@ -110,6 +110,7 @@ Patch017: ghostscript-9.27-ESC-Page-driver-does-not-set-page-size-correctly.patc
 Patch018: ghostscript-9.27-fix-bbox.patch
 Patch019: ghostscript-9.27-pdfwrite-Substituted-TTF-CIDFont-CID-hand.patch
 Patch020: ghostscript-9.27-CVE-2023-28879.patch
+Patch021: ghostscript-9.27-CVE-2023-38559.patch
 
 
 # Downstream patches -- these should be always included when doing rebase:
@@ -450,6 +451,10 @@ done
 # =============================================================================
 
 %changelog
+* Fri Aug 04 2023 Richard Lescak <rlescak@redhat.com> - 9.27-10
+- fix for CVE-2023-38559
+- Resolves: rhbz#2224371
+
 * Fri May 05 2023 Richard Lescak <rlescak@redhat.com> - 9.27-9
 - fix for CVE-2023-28879
 - Resolves: rhbz#2188297