From 1c8dfd0870b6026681d212be3c1de6ccfc61d731 Mon Sep 17 00:00:00 2001
From: sezero
Date: Sat, 25 Mar 2017 21:33:20 +0300
Subject: [PATCH] load_it.c (IT_ReadPattern): make sure that itnote pointer is in range. fixes last of the IT fuzzing crasher provided by Lionel Debroux. (id number 162.)

---
 libmikmod/loaders/load_it.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/libmikmod/loaders/load_it.c b/libmikmod/loaders/load_it.c
index 9f525b09..84b77654 100644
--- a/libmikmod/loaders/load_it.c
+++ b/libmikmod/loaders/load_it.c
@@ -334,6 +334,7 @@ static BOOL IT_ReadPattern(UWORD patrows)
 	int row=0,flag,ch;
 	unsigned int blah;
 	ITNOTE *itt=itpat,dummy,*n,*l;
+	ITNOTE *ite=&itpat[200*64 -1];
 	UBYTE *m;
 
 	memset(itt,255,200*64*sizeof(ITNOTE));
@@ -353,6 +354,10 @@ static BOOL IT_ReadPattern(UWORD patrows)
 			n=&itt[ch];
 			l=&last[ch];
 			m=&mask[ch];
+			if(n > ite) { /* malformed file */
+				_mm_errno = MMERR_NOT_A_MODULE;
+				return 0;
+			}
 		} else {
 			n=l=&dummy;
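Review bot: `ITNOTE *ite=&itpat[200*64 -1];` hard-codes the same `200*64` product that sizes the `memset` three lines below, so the bound and the buffer length can drift apart if either is edited alone; define the note count once (a single `#define` for the itpat capacity) and derive both the sentinel and the `memset` length from it. The declaration also wants a comment such as `/* last valid entry of itpat; the per-channel check rejects n > ite */`, because `ite` is an inclusive last element rather than the usual one-past-the-end pointer, which is why the comparison in the following hunk is `>` and not `>=`. If `itt` is advanced per row outside this hunk, `&itt[ch]` may already point past the end of `itpat` before the comparison runs, which is out-of-bounds pointer arithmetic in strict C; comparing the computed note index against the capacity would reject the malformed pattern without forming that pointer. IT_ReadPattern starts before this hunk and its body continues after it.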