From 3b42ef03375396480bf3a8e942b39353e68ecda9 Mon Sep 17 00:00:00 2001
From: balmeras <bertrand.almeras@gmail.com>
Date: Tue, 19 May 2015 19:34:36 +0200
Subject: [libexif] Ignore invalid DMS value in GPS coordinate, and fix kodi
 crash due to buffer overflow with special value FFFFFF

---
 lib/libexif/ExifParse.cpp | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)
 mode change 100644 => 100755 lib/libexif/ExifParse.cpp

(limited to 'lib/libexif/ExifParse.cpp')

diff --git a/lib/libexif/ExifParse.cpp b/lib/libexif/ExifParse.cpp
old mode 100644
new mode 100755
index 635d82f600..64bb815ced
--- a/lib/libexif/ExifParse.cpp
+++ b/lib/libexif/ExifParse.cpp
@@ -823,9 +823,18 @@ void CExifParse::GetLatLong(
     {
       Values[a] = ConvertAnyFormat(ValuePtr+a*ComponentSize, Format);
     }
-    char latLong[30];
-    sprintf(latLong, "%3.0fd %2.0f' %5.2f\"", Values[0], Values[1], Values[2]);
-    strcat(latLongString, latLong);
+    if (Values[0] < 0 || Values[0] > 180 || Values[1] < 0 || Values[1] >= 60 || Values[2] < 0 || Values[2] >= 60)
+    {
+      // Ignore invalid values (DMS format expected)
+      ErrNonfatal("Invalid Lat/Long value", 0, 0);
+      latLongString[0] = 0;
+    }
+    else
+    {
+      char latLong[30];
+      sprintf(latLong, "%3.0fd %2.0f' %5.2f\"", Values[0], Values[1], Values[2]);
+      strcat(latLongString, latLong);
+    }
   }
 }
 
-- 
cgit v1.2.3