From 60b77b8bf8b6e4d30519c47724631012b530cf0e Mon Sep 17 00:00:00 2001
From: Chris Liddell <chris.liddell@artifex.com>
Date: Sat, 15 Dec 2018 09:08:32 +0000
Subject: [PATCH 3/7] Bug700317: Fix logic for an older change

Unlike almost every other function in gs, dict_find_string() returns 1 on
success 0 or <0 on failure. The logic for this case was wrong.

CVE: CVE-2019-6116
Upstream-Status: Backport [git://git.ghostscript.com/ghostpdl.git]

Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
---
 psi/interp.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/psi/interp.c b/psi/interp.c
index aa5779c..f6c45bb 100644
--- a/psi/interp.c
+++ b/psi/interp.c
@@ -703,7 +703,7 @@ again:
                  * i.e. it's an internal operator we have hidden
                  */
                 code = dict_find_string(systemdict, (const char *)bufptr, &tobj);
-                if (code < 0) {
+                if (code <= 0) {
                     buf[0] = buf[1] = buf[rlen + 2] = buf[rlen + 3] = '-';
                     rlen += 4;
                     bufptr = buf;
-- 
2.18.1