Include extra byte at the end of buffer, unaligned template can cause extra access.

author Toni Wilen <twilen@winuae.net>

Sun, 8 Aug 2021 11:25:18 +0000 (14:25 +0300)

committer Toni Wilen <twilen@winuae.net>

Sun, 8 Aug 2021 11:25:18 +0000 (14:25 +0300)
author Toni Wilen <twilen@winuae.net>
Sun, 8 Aug 2021 11:25:18 +0000 (14:25 +0300)
committer Toni Wilen <twilen@winuae.net>
Sun, 8 Aug 2021 11:25:18 +0000 (14:25 +0300)
diff --git a/od-win32/picasso96_win.cpp b/od-win32/picasso96_win.cpp

index 29174bf5bd5e76a1bb1299840abc4a928b59664a..cc96291e736cc70be8a8bd20ec2ec0655f2673f7 100644 (file)
--- a/od-win32/picasso96_win.cpp
+++ b/od-win32/picasso96_win.cpp
@@ -3757,7 +3757,7 @@ static uae_u32 REGPARAM2 picasso_BlitTemplate(TrapContext *ctx)
                         uae_u8 *tmpl_buffer = NULL;
                         if (indirect) {
                                 int tmpl_size = H * tmp.BytesPerRow * Bpp;
-                               tmpl_buffer = xcalloc(uae_u8, tmpl_size);
+                               tmpl_buffer = xcalloc(uae_u8, tmpl_size + 1);
                                 trap_get_bytes(ctx, tmpl_buffer, tmp.AMemory, tmpl_size);
                                 tmpl_base = tmpl_buffer + tmp.XOffset / 8;
                         } else {
author	Toni Wilen <twilen@winuae.net>
	Sun, 8 Aug 2021 11:25:18 +0000 (14:25 +0300)
committer	Toni Wilen <twilen@winuae.net>
	Sun, 8 Aug 2021 11:25:18 +0000 (14:25 +0300)