$OpenBSD: patch-base_gsmalloc_c,v 1.1 2015/07/24 12:46:23 jasper Exp $

CVE-2015-3228 ghostscript-core: out-of-bounbds read and write in gs_ttf.ps
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=0c0b085

--- base/gsmalloc.c.orig	Fri Jul 24 10:12:58 2015
+++ base/gsmalloc.c	Fri Jul 24 10:20:28 2015
@@ -178,7 +178,7 @@ gs_heap_alloc_bytes(gs_memory_t * mem, uint size, clie
     } else {
         uint added = size + sizeof(gs_malloc_block_t);
 
-        if (mmem->limit - added < mmem->used)
+        if (added <= size || mmem->limit - added < mmem->used)
             set_msg("exceeded limit");
         else if ((ptr = (byte *) Memento_label(malloc(added), cname)) == 0)
             set_msg("failed");
