Fix memory corruption by null-padding shorter replacement patterns

When replacing domain strings with shorter ones, the replaceBytes function
was only copying the new bytes without clearing the leftover bytes from
the old pattern. This caused "free(): invalid pointer" crashes on Steam
Deck and Ubuntu due to corrupted string metadata in the .NET AOT binary.

Fix: Fill the entire old pattern region with 0x00 before writing the
new bytes. This ensures no leftover data remains that could corrupt
the binary structure.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
sanasol
2026-01-27 02:10:31 +01:00
parent e56b12cd72
commit 2582d9b6d1


@@ -147,8 +147,9 @@ class ClientPatcher {
} }
/** /**
* Replace bytes in buffer - only overwrites the length of new bytes * Replace bytes in buffer with null-padding for shorter replacements
* Prevents offset corruption by not expanding the replacement * When new pattern is shorter than old, pads with 0x00 to prevent leftover bytes
* that can cause memory corruption (free(): invalid pointer) on some systems
*/ */
replaceBytes(buffer, oldBytes, newBytes) { replaceBytes(buffer, oldBytes, newBytes) {
let count = 0; let count = 0;
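Review bot: the new doc comment drops the old statement "Prevents offset corruption by not expanding the replacement" without saying what now happens when newBytes is longer than oldBytes, so the one constraint a caller most needs to know (the replacement must not exceed the old pattern's length) is no longer documented. Suggest keeping a sentence such as "Callers must not pass a newBytes longer than oldBytes; the replacement never expands the old pattern region" alongside the new null-padding description, so the comment covers both the shorter and the longer case.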
@@ -162,7 +163,12 @@ class ClientPatcher {
const positions = this.findAllOccurrences(result, oldBytes); const positions = this.findAllOccurrences(result, oldBytes);
for (const pos of positions) { for (const pos of positions) {
// Only overwrite the length of the new bytes // First fill the entire old pattern region with zeros
// This prevents leftover bytes from causing memory corruption
if (newBytes.length < oldBytes.length) {
result.fill(0x00, pos, pos + oldBytes.length);
}
// Then write the new bytes
newBytes.copy(result, pos); newBytes.copy(result, pos);
count++; count++;
} }
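Review bot: the hunk handles `newBytes.length < oldBytes.length` but still has no guard for the opposite case, so a longer replacement silently overwrites whatever follows the old pattern via `newBytes.copy(result, pos)`, which is exactly the kind of offset corruption the old comment warned about. Suggest an explicit check before the loop, e.g. `if (newBytes.length > oldBytes.length) throw new Error('replacement longer than pattern');`, so the failure is loud instead of producing a subtly corrupted binary. Two smaller points: the `if` around `result.fill(0x00, pos, pos + oldBytes.length)` is redundant, since filling the whole region and then copying is correct for equal lengths too, and the fill keeps the old pattern's footprint unchanged, so if the surrounding structure records the string length, the patched string now ends in embedded 0x00 bytes rather than becoming shorter; that behaviour is fine if the client tolerates it, but it deserves a comment and a test on both platforms named in the commit message.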