While we don’t have the details spelled out, the security bulletin points out a pair of buffer overflows and some invalid pointers being dereferenced. Put clearly, these bugs could probably be ...
Since we can write the whole chunk in one go, we set the slice on the target (the dereferenced buffer) from the write index (data_back) to (and including) the size of the data we’re writing ...