Description: Sanity check for memory allocation.
 In gs_heap_alloc_bytes(), add a sanity check to ensure we don't overflow the
 variable holding the actual number of bytes we allocate.
Origin: upstream, http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=0c0b085
Author: Chris Liddell <chris.liddell@artifex.com>
Forwarded: yes
Bug-Debian: http://bugs.debian.org/793489
Last-Update: 2015-07-26

--- a/base/gsmalloc.c
+++ b/base/gsmalloc.c
@@ -178,7 +178,7 @@
     } else {
         uint added = size + sizeof(gs_malloc_block_t);
 
-        if (mmem->limit - added < mmem->used)
+        if (added <= size || mmem->limit - added < mmem->used)
             set_msg("exceeded limit");
         else if ((ptr = (byte *) Memento_label(malloc(added), cname)) == 0)
             set_msg("failed");