CVE-2020-15900: Integer overflow (signed left-shift UB) in Ghostscript bitshift PostScript operator
In Ghostscript 9.52 (psi/zrelbit.c), the zbitshift function that implements the PostScript bitshift operator performs a left-shift of a SIGNED 64-bit integer (ps_int = int64_t) using op[-1].value.intval <<= shift where shift can be up to 63 (inclusive). Left-shifting a signed integer into or past the sign bit is undefined behavior per C99 §6.5.7. The valid safe range for signed left shift is [0, bit_width-2] (i.e., max 62 for int64_t), but the code computes max_shift as (sizeof(ps_int)*8) - 1 = 63, allowing shift=63. When the PostScript interpreter is invoked with a crafted script calling bitshift with a large positive or negative shift count, UB is triggered. The PostScript spec actually requires unsigned semantics for bitshift, so the correct fix is to cast to ps_uint before shifting. CVE-2020-15900 is fixed in 9.53.0.
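The shift-range reasoning above, worked through in C as an added example; this is not Ghostscript's zbitshift code. The helper names signed_shl_is_defined and bitshift_unsigned are hypothetical, the ps_uint typedef is an assumed definition, and returning 0 for counts of magnitude 64 or more is an assumption of this sketch.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

typedef int64_t  ps_int;   /* signed 64-bit integer, as stated on the page */
typedef uint64_t ps_uint;  /* assumed definition of the unsigned type named on the page */

#define PS_INT_BITS ((ps_int)(sizeof(ps_int) * CHAR_BIT))

/* Hypothetical helper: 1 if `value << shift` is defined for a signed ps_int
 * under C99 6.5.7 (value non-negative and value * 2^shift representable). */
static int signed_shl_is_defined(ps_int value, ps_int shift)
{
    if (value < 0 || shift < 0 || shift >= PS_INT_BITS)
        return 0;
    return value <= (INT64_MAX >> shift);
}

/* Hypothetical helper: bitshift with unsigned semantics. Positive counts
 * shift left, negative counts shift right, vacated bits are zero.
 * Assumption: a count of magnitude >= 64 yields 0 (every bit shifted out). */
static ps_int bitshift_unsigned(ps_int value, ps_int shift)
{
    ps_uint bits = (ps_uint)value;   /* conversion to unsigned is well defined */

    if (shift >= PS_INT_BITS || shift <= -PS_INT_BITS)
        return 0;                    /* also keeps -shift from overflowing */
    if (shift >= 0)
        bits <<= shift;              /* unsigned shift: no UB, high bits dropped */
    else
        bits >>= -shift;
    /* Out-of-range unsigned-to-signed conversion is implementation-defined,
     * not undefined; GCC and Clang wrap modulo 2^64. */
    return (ps_int)bits;
}

int main(void)
{
    printf("1 << 62 defined as signed: %d\n", signed_shl_is_defined(1, 62));
    printf("1 << 63 defined as signed: %d\n", signed_shl_is_defined(1, 63));
    printf("bitshift_unsigned(1, 63)   = %lld\n", (long long)bitshift_unsigned(1, 63));
    printf("bitshift_unsigned(-1, -60) = %lld\n", (long long)bitshift_unsigned(-1, -60));
    return 0;
}
```

Building the signed variant with -fsanitize=undefined (GCC or Clang) reports the shift at run time, which is a practical way to confirm that a build still contains the signed form.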