SDL_mixer: fix off-by-one buffer overflow in load_instrument (github bug #299)

From 8367bc3ed276dd46f94e6bdad17034374c1feb5e Mon Sep 17 00:00:00 2001
From: Ozkan Sezer <[EMAIL REDACTED]>
Date: Wed, 17 Feb 2021 11:50:10 +0300
Subject: [PATCH] fix off-by-one buffer overflow in load_instrument (github bug
 #299)

---
 timidity/instrum.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/timidity/instrum.c b/timidity/instrum.c
index 25f6e9a..d8584ae 100644
--- a/timidity/instrum.c
+++ b/timidity/instrum.c
@@ -669,8 +669,8 @@ static InstrumentLayer *load_instrument(const char *name, int font_type, int per
         {
 	  goto fail;
 	}
-      sp->data = safe_malloc(sp->data_length + 1);
-      lp->size += sp->data_length + 1;
+      sp->data = safe_malloc(sp->data_length + 2);
+      lp->size += sp->data_length + 2;
 
       if (1 != fread(sp->data, sp->data_length, 1, fp))
 	goto fail;
@@ -822,7 +822,7 @@ static InstrumentLayer *load_instrument(const char *name, int font_type, int per
 	uint8 *gulp,*ulp;
 	int16 *swp;
 	int l=sp->data_length >> FRACTION_BITS;
-	gulp=ulp=safe_malloc(l+1);
+	gulp=ulp=safe_malloc(l+2);
 	swp=(int16 *)sp->data;
 	while(l--)
 	  *ulp++ = (*swp++ >> 8) & 0xFF;