From 35b278896f759105e82edc567bc6bf8415777ef3 Mon Sep 17 00:00:00 2001
From: Blake Warner <blake@null3d.com>
Date: Sat, 5 Feb 2022 15:37:51 -0500
Subject: [PATCH] fixed heap overflow

---
 src/convert.cpp | 40 +++++++++++++++++++++++++++++++++++++++-
 1 file changed, 39 insertions(+), 1 deletion(-)

diff --git a/src/convert.cpp b/src/convert.cpp
index 8284cdeb..b46997d0 100644
--- a/src/convert.cpp
+++ b/src/convert.cpp
@@ -103,7 +103,45 @@ const volatile unsigned char One2Eight[2] =
 void UnswapCopyWrap(const u8 *src, word srcIdx, u8 *dest, word destIdx, word destMask, word numBytes)
 {
 #ifdef NATIVE
-    memcpy(dest + destIdx, src + srcIdx, numBytes);
+	// copy leading bytes
+	word leadingBytes = srcIdx & 3;
+	if(leadingBytes != 0)
+	{
+		leadingBytes = 4 - leadingBytes;
+		if(leadingBytes > numBytes)
+			leadingBytes = numBytes;
+		numBytes -= leadingBytes;
+
+		for(u32 i = 0; i < leadingBytes; i++)
+		{
+			dest[destIdx & destMask] = src[srcIdx];
+			++destIdx;
+			++srcIdx;
+		}
+	}
+
+	// copy dwords
+	int numDWords = numBytes >> 2;
+	while(numDWords--)
+	{
+		dest[(destIdx + 0) & destMask] = src[srcIdx++];
+		dest[(destIdx + 1) & destMask] = src[srcIdx++];
+		dest[(destIdx + 2) & destMask] = src[srcIdx++];
+		dest[(destIdx + 3) & destMask] = src[srcIdx++];
+		destIdx += 4;
+	}
+
+	// copy trailing bytes
+	int trailingBytes = numBytes & 3;
+	if(trailingBytes)
+	{
+		for(int i = 0; i < trailingBytes; i++)
+		{
+			dest[destIdx & destMask] = src[srcIdx];
+			++destIdx;
+			++srcIdx;
+		}
+	}
 #else
 	// copy leading bytes
 	word leadingBytes = srcIdx & 3;