From bf432c98fd36138a89b2cee20d51be6dcfc734b9 Mon Sep 17 00:00:00 2001
From: Leenear
Date: Sun, 10 May 2026 09:01:08 +0400
Subject: [PATCH] Fix incorrect memmove size in LDB breakpoint deletion (#15115)

# Description
There is an array corruption bug in LDB caused by an incorrect size argument being passed to `memmove()` inside the `ldbDelBreakpoint()` function. When deleting a breakpoint, `memmove()` is used to shift the remaining breakpoints in the ldb.bp integer array forward. However, the size parameter passes the number of elements rather than the number of bytes. Because ldb.bp is an array of type `int`, this results in an under-copy.
---
 src/eval.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/eval.c b/src/eval.c
index 018956135..30acedd9e 100644
--- a/src/eval.c
+++ b/src/eval.c
@@ -1027,7 +1027,7 @@ int ldbDelBreakpoint(int line) {
 for (j = 0; j < ldb.bpcount; j++) {
 if (ldb.bp[j] == line) {
 ldb.bpcount--;
- memmove(ldb.bp+j,ldb.bp+j+1,ldb.bpcount-j);
+ memmove(ldb.bp+j,ldb.bp+j+1,(ldb.bpcount-j) * sizeof(int));
 return 1;
 }
 }
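Review bot: The byte count on the added memmove line is spelled as `sizeof(int)` rather than taken from the array's element type, so the same element-versus-byte mismatch would return silently if ldb.bp were ever widened or changed to a struct; prefer `memmove(ldb.bp+j,ldb.bp+j+1,(ldb.bpcount-j)*sizeof(ldb.bp[0]));` so the size stays tied to the array. The count `ldb.bpcount-j` is computed after the decrement on the preceding line, which makes it the number of entries following slot j and never negative within this loop (j < bpcount on entry), so the implicit int-to-size_t conversion is safe; a comment such as `/* bpcount already decremented: shift the entries after slot j down by one */` would make that ordering explicit for the next reader. The under-copy being fixed only left stale entries behind and did not write past the array, so this is a correctness rather than a memory-safety fix, which the description could state. ldbDelBreakpoint's signature and the declaration of j sit outside the hunk.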