#1176 Fix memory out of bounds memory write when bulk overriding components

without this fix, the newly introduced test case would segfault. This bug happens due to the fact that in C you loop count times, but also offset the dest_ptr, and then within the copy impl of C++, it loops count again, this means you would go count-1 * size_obj out of memory bounds for src as well as dest ptr.

This fix is the correct fix as it limits src ptr to just 1, while the dest ptr still gets offset each iteration.

(this was previously discussed with sanders, the information above is just for tracking why & what)

Author: Indra-db

flecs.c

@@ -15148,7 +15148,7 @@ void flecs_override_copy(
     int32_t i;
     if (copy) {
         for (i = 0; i < count; i ++) {
-            copy(ptr, src, count, ti);
+            copy(ptr, src, 1, ti);
             ptr = ECS_OFFSET(ptr, size);
         }
     } else {

src/observable.c

@@ -500,7 +500,7 @@ void flecs_override_copy(
     int32_t i;
     if (copy) {
         for (i = 0; i < count; i ++) {
-            copy(ptr, src, count, ti);
+            copy(ptr, src, 1, ti);
             ptr = ECS_OFFSET(ptr, size);
         }
     } else {

test/api/project.json

@@ -1068,7 +1068,8 @@
                 "on_set_hook_on_override",
                 "on_set_hook_on_auto_override",
                 "batched_set_new_component_w_lifecycle",
-                "batched_ensure_new_component_w_lifecycle"
+                "batched_ensure_new_component_w_lifecycle",
+                "on_nested_prefab_copy_test_invokes_copy_count"
             ]
         }, {
             "id": "Sorting",