diff --git a/backend/utils/clientPatcher.js b/backend/utils/clientPatcher.js
index 3446fed..332a7a4 100644
--- a/backend/utils/clientPatcher.js
+++ b/backend/utils/clientPatcher.js
@@ -147,8 +147,9 @@ class ClientPatcher {
   }
 
   /**
-   * Replace bytes in buffer - only overwrites the length of new bytes
-   * Prevents offset corruption by not expanding the replacement
+   * Replace bytes in buffer with null-padding for shorter replacements
+   * When new pattern is shorter than old, pads with 0x00 to prevent leftover bytes
+   * that can cause memory corruption (free(): invalid pointer) on some systems
    */
   replaceBytes(buffer, oldBytes, newBytes) {
     let count = 0;
@@ -162,7 +163,12 @@ class ClientPatcher {
     const positions = this.findAllOccurrences(result, oldBytes);
 
     for (const pos of positions) {
-      // Only overwrite the length of the new bytes
+      // First fill the entire old pattern region with zeros
+      // This prevents leftover bytes from causing memory corruption
+      if (newBytes.length < oldBytes.length) {
+        result.fill(0x00, pos, pos + oldBytes.length);
+      }
+      // Then write the new bytes
       newBytes.copy(result, pos);
       count++;
     }