fix(security): VFS write overflow, file close robustness, catalog safety

VFS_WriteFile:
- Add overflow check before rounding endPos up to 4KB boundary. If
  endPos > 0xFFFFF000, adding 4095 wraps to a small value, causing
  undersized allocation and subsequent buffer overflow on memcpy.

VFS_CloseFile:
- Remove restriction that only 'created' overlay entries can persist
  data (any overlay entry with file data should be saved)
- NULL-out fileData/fileDataSize before freeing to prevent dangling
  pointer if NewPtr fails
- Only update modTime if GetDateTime returns non-zero (avoid setting
  file timestamp to Mac epoch on failure)

HFS_CatalogLookup:
- Use strlen-based length comparison before character loop instead of
  relying on null terminator probe at entries[i].name[len]. While the
  original was safe (len <= 31, name[32]), the new approach is clearer
  and avoids assumptions about null termination of catalog names.

Author: Kelsidavis

src/FS/hfs_catalog.c

@@ -241,6 +241,10 @@ bool HFS_CatalogLookup(HFS_Catalog* cat, DirID parentID, const char* name,
 
     /* Find matching name (case-insensitive) */
     for (int i = 0; i < count; i++) {
+        /* Verify entry name length matches before comparing */
+        size_t entryLen = strlen(entries[i].name);
+        if (entryLen != len) continue;
+
         bool match = true;
         for (size_t j = 0; j < len; j++) {
             char c1 = entries[i].name[j];
@@ -252,7 +256,7 @@ bool HFS_CatalogLookup(HFS_Catalog* cat, DirID parentID, const char* name,
                 break;
             }
         }
-        if (match && entries[i].name[len] == '\0') {
+        if (match) {
             *entry = entries[i];
             return true;
         }

src/FS/vfs.c

@@ -896,10 +896,12 @@ void VFS_CloseFile(VFSFile* file) {
         VFSVolume* vol = VFS_FindVolume(file->vref);
         if (vol) {
             VFSOverlayEntry* oe = VFS_FindOverlay(vol, file->fileID);
-            if (oe && oe->created) {
+            if (oe) {
                 /* Free old persisted data */
                 if (oe->fileData) {
                     DisposePtr((Ptr)oe->fileData);
+                    oe->fileData = NULL;
+                    oe->fileDataSize = 0;
                 }
                 /* Copy current buffer to overlay */
                 oe->fileData = (uint8_t*)NewPtr(file->memSize);
@@ -911,7 +913,9 @@ void VFS_CloseFile(VFSFile* file) {
                     extern void GetDateTime(uint32_t* secs);
                     uint32_t now = 0;
                     GetDateTime(&now);
-                    oe->entry.modTime = now;
+                    if (now != 0) {
+                        oe->entry.modTime = now;
+                    }
                 }
             }
         }
@@ -955,7 +959,8 @@ bool VFS_WriteFile(VFSFile* file, const void* buffer, uint32_t length, uint32_t*
     uint32_t endPos = file->memPosition + length;
 
     if (endPos > file->memCapacity) {
-        /* Grow buffer — round up to 4KB blocks */
+        /* Grow buffer — round up to 4KB blocks (check for overflow in rounding) */
+        if (endPos > (uint32_t)0xFFFFF000) return false;  /* Would overflow when rounding up */
         uint32_t newCap = (endPos + 4095) & ~4095u;
         uint8_t* newBuf = (uint8_t*)NewPtr(newCap);
         if (!newBuf) return false;