From 9807f9877a69b70c7b49f5eea3c60b8e0af113f3 Mon Sep 17 00:00:00 2001
From: Toni Wilen <twilen@winuae.net>
Date: Sun, 8 Aug 2021 14:25:18 +0300
Subject: [PATCH] Include extra byte at the end of buffer, unaligned template
 can cause extra access.

---
 od-win32/picasso96_win.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/od-win32/picasso96_win.cpp b/od-win32/picasso96_win.cpp
index 29174bf5..cc96291e 100644
--- a/od-win32/picasso96_win.cpp
+++ b/od-win32/picasso96_win.cpp
@@ -3757,7 +3757,7 @@ static uae_u32 REGPARAM2 picasso_BlitTemplate(TrapContext *ctx)
 			uae_u8 *tmpl_buffer = NULL;
 			if (indirect) {
 				int tmpl_size = H * tmp.BytesPerRow * Bpp;
-				tmpl_buffer = xcalloc(uae_u8, tmpl_size);
+				tmpl_buffer = xcalloc(uae_u8, tmpl_size + 1);
 				trap_get_bytes(ctx, tmpl_buffer, tmp.AMemory, tmpl_size);
 				tmpl_base = tmpl_buffer + tmp.XOffset / 8;
 			} else {
-- 
2.47.3