From 55cbf6e20b7323f2784977007a72e54d7a6b6f53 Mon Sep 17 00:00:00 2001
From: Martin Michelsen
Date: Thu, 11 Sep 2025 10:12:44 -0700
Subject: [PATCH] fix out-of-bounds access in 6x46, etc.
---
 src/ReceiveSubcommands.cc | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/ReceiveSubcommands.cc b/src/ReceiveSubcommands.cc
index c098d021..05ac7675 100644
--- a/src/ReceiveSubcommands.cc
+++ b/src/ReceiveSubcommands.cc
@@ -452,7 +452,10 @@ void forward_subcommand_with_entity_targets_transcode_t(shared_ptr c, Su
 continue;
 }
 if (c->version() != lc->version()) {
- CmdT out_cmd = cmd;
+ // NOTE: We can't just do `CmdT out_cmd = cmd` here because cmd may not
+ // point to a full command; it is likely shorter than the full structure
+ CmdT out_cmd;
+ memcpy(&out_cmd, &cmd, msg.size);
 out_cmd.header.subcommand = translate_subcommand_number(lc->version(), c->version(), cmd.header.subcommand);
 if (out_cmd.header.subcommand) {
 size_t valid_targets = 0;
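Review bot: The new `memcpy(&out_cmd, &cmd, msg.size)` uses the message length as the copy size with no upper bound visible in this hunk, so a message longer than `sizeof(CmdT)` would turn the out-of-bounds read being fixed into a write past `out_cmd` on the stack. Because `out_cmd` is also default-initialized, a message shorter than the structure leaves its tail bytes indeterminate, and if the full structure is later sent to other clients those bytes would disclose stack contents. Unless an earlier size check in the function (which starts and ends outside this hunk) already guarantees `msg.size <= sizeof(CmdT)`, I would value-initialize and clamp: `CmdT out_cmd{};` followed by `memcpy(&out_cmd, &cmd, std::min<size_t>(msg.size, sizeof(out_cmd)));`. It is also worth confirming that the forwarding code below sends only `msg.size` bytes rather than `sizeof(out_cmd)`.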