From df59a6bb677c3f54c5ac7710f434cf30af32097d Mon Sep 17 00:00:00 2001
From: Kevin Backhouse <kevinbackhouse@github.com>
Date: Mon, 8 Aug 2022 23:47:11 -0400
Subject: [PATCH 1/2] Regression test for
 https://github.com/Exiv2/exiv2/issues/2320

---
 test/data/issue_2320_poc.jpg                      | Bin 0 -> 124 bytes
 tests/bugfixes/github/test_issue_2320.py          |  11 +++++++++++
 .../regression_tests/test_regression_allfiles.py  |   1 +
 3 files changed, 12 insertions(+)
 create mode 100644 test/data/issue_2320_poc.jpg
 create mode 100644 tests/bugfixes/github/test_issue_2320.py

diff --git a/test/data/issue_2320_poc.jpg b/test/data/issue_2320_poc.jpg
new file mode 100644
index 0000000000000000000000000000000000000000..5757e109d96aedd93ab9bfc68b0937e8c908d084
GIT binary patch
literal 124
zcmebEWzb?^U|<4bCj~s9J(GbGsD>YiS-{Hv!xS^X7+{(~gn<jFh8c)ckR^b8Mlc_!
J56A`qMgV+%4Y~jT

literal 0
HcmV?d00001

diff --git a/tests/bugfixes/github/test_issue_2320.py b/tests/bugfixes/github/test_issue_2320.py
new file mode 100644
index 00000000..9aec7761
--- /dev/null
+++ b/tests/bugfixes/github/test_issue_2320.py
@@ -0,0 +1,11 @@
+# -*- coding: utf-8 -*-
+
+from system_tests import CaseMeta, check_no_ASAN_UBSAN_errors
+
+class issue_2320_printDegrees_integer_overflow(metaclass=CaseMeta):
+    url      = "https://github.com/Exiv2/exiv2/issues/2320"
+    filename = "$data_path/issue_2320_poc.jpg"
+    commands = ["$exiv2 -q -pa $filename"]
+    retval   = [0]
+    stderr   = [""]
+    compare_stdout = check_no_ASAN_UBSAN_errors
diff --git a/tests/regression_tests/test_regression_allfiles.py b/tests/regression_tests/test_regression_allfiles.py
index b969fc5a..015ecdbb 100644
--- a/tests/regression_tests/test_regression_allfiles.py
+++ b/tests/regression_tests/test_regression_allfiles.py
@@ -92,6 +92,7 @@ def get_valid_files(data_dir):
         "issue_2160_poc.jpg",
         "issue_2178_poc.jp2",
         "issue_2268_poc.jp2",
+        "issue_2320_poc.jpg",
         "issue_ghsa_583f_w9pm_99r2_poc.jp2",
         "issue_ghsa_7569_phvm_vwc2_poc.jp2",
         "issue_ghsa_mxw9_qx4c_6m8v_poc.jp2",

From fe4f56d97984ee6840ec87999f6bb4f0822e80d5 Mon Sep 17 00:00:00 2001
From: Kevin Backhouse <kevinbackhouse@github.com>
Date: Mon, 8 Aug 2022 23:48:16 -0400
Subject: [PATCH 2/2] Credit to OSS-Fuzz:
 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=49894 Check that `60 *
 rem` won't overflow.

---
 src/tags_int.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/tags_int.cpp b/src/tags_int.cpp
index a81a1ad3..aa1d1de3 100644
--- a/src/tags_int.cpp
+++ b/src/tags_int.cpp
@@ -2519,7 +2519,7 @@ std::ostream& printDegrees(std::ostream& os, const Value& value, const ExifData*
     const int32_t mm = min.first / min.second;
     const int32_t rem = min.first % min.second;
     if ((min.second > 1) && (rem > 0)) {
-      if ((sec.first == 0) && (sec.second == 1)) {
+      if ((sec.first == 0) && (sec.second == 1) && (rem <= std::numeric_limits<int32_t>::max() / 60)) {
         sec.first = 60 * rem;
         sec.second = min.second;
       } else {