
array: validate skip/count before array copy sizing #510

Merged
ptitSeb merged 1 commit into ptitSeb:master from orbisai0security:fix-v002-array-underflow
May 21, 2026

Conversation

@orbisai0security (Contributor) commented May 21, 2026

This defensively validates skip and count before array-copy helpers
compute allocation or memcpy sizes from (count - skip).

Several helpers in src/gl/array.c use this expression when allocating or
copying converted vertex/color/texcoord data. If invalid ranges are ever
propagated into these helpers, the subtraction can underflow or produce
incorrect copy sizes.

This patch adds a shared valid_copy_range() helper and applies it
consistently at the top of each affected function:

  • copy_gl_array
  • copy_gl_array_texcoord
  • copy_gl_array_quickconvert
  • copy_gl_array_convert
  • copy_gl_array_bgra

Behavior is unchanged for valid inputs; invalid ranges are rejected early.
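As an added illustration of the invariant the description above relies on (not code from this PR or from the repository's own src/gl/array.c): a hypothetical valid_copy_range() check placed next to an unchecked (count - skip) size computation, and a toy converting copy that applies the check at the top of the function. All function names and signatures below are assumptions; the real copy_gl_array_* helpers take different arguments.

```c
#include <assert.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical invariant check, modelled on the valid_copy_range() described
 * in the PR (not the repository's own code). A range is usable only when both
 * bounds are non-negative and skip does not exceed count, so (count - skip)
 * can never be negative. */
static int valid_copy_range(int skip, int count)
{
    return skip >= 0 && count >= 0 && skip <= count;
}

/* The unchecked arithmetic the PR guards against: a signed (count - skip)
 * that is negative becomes a huge size_t once it is used to size malloc()
 * or memcpy(). */
static size_t unchecked_copy_bytes(int skip, int count, size_t elem_size)
{
    return (size_t)(count - skip) * elem_size;
}

/* Checked variant: returns 0 and reports failure for an invalid range. */
static size_t checked_copy_bytes(int skip, int count, size_t elem_size, int *ok)
{
    if (!valid_copy_range(skip, count)) {
        *ok = 0;
        return 0;
    }
    *ok = 1;
    return (size_t)(count - skip) * elem_size;
}

/* Toy converting copy (int -> float), standing in for the converted
 * vertex/color/texcoord copies the PR describes. The check sits before any
 * allocation is sized from (count - skip). Returns NULL with *out_len = 0
 * when the range is rejected or allocation fails. */
static float *copy_int_array_to_float(const int *src, int skip, int count,
                                      size_t *out_len)
{
    if (!valid_copy_range(skip, count)) {
        *out_len = 0;
        return NULL;
    }
    size_t n = (size_t)(count - skip);   /* safe: skip <= count was checked */
    float *dst = malloc(n * sizeof *dst);
    if (dst == NULL) {
        *out_len = 0;
        return NULL;
    }
    for (size_t i = 0; i < n; i++)
        dst[i] = (float)src[skip + i];   /* element skip+i of src -> element i of dst */
    *out_len = n;
    return dst;
}

int main(void)
{
    /* Constructed sample input: four values, copy elements 1..3. */
    const int src[] = { 10, 20, 30, 40 };
    size_t len;
    float *dst = copy_int_array_to_float(src, 1, 4, &len);
    printf("valid range   : len=%zu first=%.0f\n", len, dst ? dst[0] : -1.0f);
    free(dst);

    /* skip > count: the unchecked size wraps, the checked path rejects it. */
    printf("unchecked size for skip=5,count=4: %zu bytes\n",
           unchecked_copy_bytes(5, 4, sizeof(float)));
    int ok;
    size_t bytes = checked_copy_bytes(5, 4, sizeof(float), &ok);
    printf("checked size  : ok=%d bytes=%zu\n", ok, bytes);
    dst = copy_int_array_to_float(src, 5, 4, &len);
    printf("invalid range : dst=%p len=%zu\n", (void *)dst, len);
    return 0;
}
```

The check is deliberately placed as the first statement of the copying function, which is the pattern the PR applies across the affected helpers: once the invariant holds, every later (count - skip) expression in the function is known to be non-negative without repeating the test.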

@ptitSeb (Owner) commented May 21, 2026

While the fix itself is ok, it's really either too restricted (there are many other similar functions in the code), or not applied in the right place (most functions call this with skip=0, but it's also used by other copy_gl_array_XXX functions that might also need a check in that case).

I will not accept the PR in its current form.

@orbisai0security orbisai0security changed the title fix: the vertex array copy function computes memcpy ... in array.c array: validate skip/count before array copy sizing May 21, 2026
Defensively validate skip and count before array-copy helpers compute
allocation or memcpy sizes from (count - skip).

Several helpers in src/gl/array.c use this expression when allocating or
copying converted vertex/color/texcoord data. If invalid ranges are ever
propagated into these helpers, the subtraction can underflow or produce
incorrect copy sizes.

Add a shared valid_copy_range() helper and apply it consistently at the
top of each affected function:
- copy_gl_array
- copy_gl_array_texcoord
- copy_gl_array_quickconvert
- copy_gl_array_convert
- copy_gl_array_bgra

Behavior is unchanged for valid inputs; invalid ranges are rejected early.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@orbisai0security orbisai0security force-pushed the fix-v002-array-underflow branch from 666d918 to ee11526 May 21, 2026 08:21

@orbisai0security (Contributor, Author) commented

Thanks, that makes sense. I agree this should not be fixed narrowly in only copy_gl_array.

I've reworked this as a defensive bounds-hardening change across all the related array-copy helpers. The revised patch adds a shared valid_copy_range() helper and checks the skip/count invariant consistently before any (count - skip) allocation/copy arithmetic, covering:

  • copy_gl_array
  • copy_gl_array_texcoord
  • copy_gl_array_quickconvert
  • copy_gl_array_convert
  • copy_gl_array_bgra

I've also updated the PR title and description to frame this as what it is — defensive bounds hardening — rather than overstating the severity. Behavior is unchanged for valid inputs.

@ptitSeb (Owner) commented May 21, 2026

Ok, looks better now.

@ptitSeb ptitSeb merged commit ca13030 into ptitSeb:master May 21, 2026