diff --git a/CHANGES b/CHANGES
index 43f11beb5..5c4f6c5db 100644
--- a/CHANGES
+++ b/CHANGES
@@ -7,6 +7,7 @@ Bugfixes:
 - GB MBC: Fix ROM bank overflows getting set to bank 0
 - Qt: Fix timing issues on high refresh rate monitors
 - GBA Savedata: Fix savedata unmasking (fixes mgba.io/i/441)
+ - Util: Fix overflow when loading invalid UPS patches
 Misc:
 - Qt: Improved HiDPI support
 - Feature: Support ImageMagick 7
diff --git a/src/util/patch-ups.c b/src/util/patch-ups.c
index 80573387a..9cea7b33d 100644
--- a/src/util/patch-ups.c
+++ b/src/util/patch-ups.c
@@ -87,6 +87,9 @@ bool _UPSApplyPatch(struct Patch* patch, const void* in, size_t inSize, void* ou
 if (patch->vf->read(patch->vf, &byte, 1) != 1) {
 return false;
 }
+ if (offset >= outSize) {
+ return false;
+ }
 buf[offset] ^= byte;
 ++offset;
 if (!byte) {
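Review bot: The new `offset >= outSize` guard in `_UPSApplyPatch` has no comment saying why it exists or what state it leaves behind, and both matter here because `offset` is presumably driven by the patch file, which is untrusted. By the time the check fails, earlier iterations may already have XOR-ed bytes into `buf`, so a rejected patch leaves the output partially modified. Callers are not visible in this hunk, so it is worth confirming that they discard `out` on a `false` return. I would add above the check: `// offset comes from untrusted patch data: refuse to write past out; on failure out is partially patched and must be discarded`. The function body starts and ends outside the hunk, so how `offset` is advanced between records cannot be checked from here.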