[2019-08-06] - Found with American Fuzzy Lop - CVE-2019-14691

Heap-based buffer overflow in CdtmLoader::load(), in src/dtm.cpp.

```
=================================================================
==5873==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x621000001384 at pc 0x7fcee873f465 bp 0x7fff110e4d70 sp 0x7fff110e4d68
WRITE of size 1 at 0x621000001384 thread T0
    #0 0x7fcee873f464 in CdtmLoader::load(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, CFileProvider const&) /home/fcambus/adplug/src/dtm.cpp:101:40
    #1 0x7fcee86e91d5 in CAdPlug::factory(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, Copl*, CPlayers const&, CFileProvider const&) /home/fcambus/adplug/src/adplug.cpp:169:10
    #2 0x4fcd62 in play(char const*, Player*, int) /home/fcambus/adplay-unix/src/adplay.cc:309:11
    #3 0x4fbaf4 in main /home/fcambus/adplay-unix/src/adplay.cc:544:5
    #4 0x7fcee7f2709a in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2409a)
    #5 0x41f759 in _start (/home/fcambus/reps/adplay+0x41f759)

0x621000001384 is located 4 bytes to the right of 4736-byte region [0x621000000100,0x621000001380)
allocated by thread T0 here:
    #0 0x4f67e2 in operator new(unsigned long) (/home/fcambus/reps/adplay+0x4f67e2)
    #1 0x7fcee873e727 in CdtmLoader::factory(Copl*) /home/fcambus/adplug/src/dtm.cpp:32:10
    #2 0x7fcee86e911d in CAdPlug::factory(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, Copl*, CPlayers const&, CFileProvider const&) /home/fcambus/adplug/src/adplug.cpp:168:10
    #3 0x4fcd62 in play(char const*, Player*, int) /home/fcambus/adplay-unix/src/adplay.cc:309:11
    #4 0x4fbaf4 in main /home/fcambus/adplay-unix/src/adplay.cc:544:5
    #5 0x7fcee7f2709a in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2409a)

SUMMARY: AddressSanitizer: heap-buffer-overflow /home/fcambus/adplug/src/dtm.cpp:101:40 in CdtmLoader::load(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, CFileProvider const&)
Shadow bytes around the buggy address:
  0x0c427fff8220: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c427fff8230: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c427fff8240: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c427fff8250: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c427fff8260: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c427fff8270:[fa]fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c427fff8280: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c427fff8290: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c427fff82a0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c427fff82b0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c427fff82c0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==5873==ABORTING
```