From: Ludovic Rousseau <rousseau@debian.org>
Date: Wed Sep  5 15:32:00 CEST 2018
Subject: Fix heap buffer overflow

Bug-Debian: http://bugs.debian.org/907925
Description: Fix CVE-2018-17088

--- a/gpsinfo.c
+++ b/gpsinfo.c
@@ -4,6 +4,7 @@
 // Matthias Wandel,  Dec 1999 - Dec 2002 
 //--------------------------------------------------------------------------
 #include "jhead.h"
+#include <stdint.h>
 
 #define MAX_GPS_TAG 0x1e
 
@@ -101,7 +102,7 @@
             unsigned OffsetVal;
             OffsetVal = Get32u(DirEntry+8);
             // If its bigger than 4 bytes, the dir entry contains an offset.
-            if (OffsetVal+ByteCount > ExifLength){
+            if (OffsetVal > UINT32_MAX - ByteCount || OffsetVal+ByteCount > ExifLength){
                 // Bogus pointer offset and / or bytecount value
                 ErrNonfatal("Illegal value pointer for Exif gps tag %04x", Tag,0);
                 continue;
