fix: add memmove bounds check and prepare failure handling

- Add explicit bounds check before memmove header prepend in MCP tool
  (prevents overflow if safety limit is raised in the future)
- Early-return with log_warn if INSERT prepare fails in write_crosslinks
  (avoids silent O(n^2) no-op loop)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: Shidfar

src/mcp/mcp.c

@@ -3490,6 +3490,7 @@ static char *handle_cross_project_links(cbm_mcp_server_t *srv, const char *args)
     char header[128];
     snprintf(header, sizeof(header), "# Cross-Project Links (%d total)\n\n", total);
     int hlen = (int)strlen(header);
+    if (pos + hlen >= XL_BUF_SIZE) pos = XL_BUF_SIZE - hlen - 1;
     memmove(buf + hlen, buf, (size_t)pos + 1);
     memcpy(buf, header, (size_t)hlen);
 

src/pipeline/pass_crossrepolinks.c

@@ -232,6 +232,11 @@ static int write_crosslinks(const char *cache_dir,
         "(protocol, identifier, producer_project, producer_qn, producer_file, "
         " consumer_project, consumer_qn, consumer_file, confidence, updated_at) "
         "VALUES (?,?,?,?,?,?,?,?,?,?);", -1, &ins, NULL);
+    if (!ins) {
+        cbm_log_warn("crosslink.prepare_failed", "path", db_path);
+        sqlite3_close(db);
+        return -1;
+    }
 
     sqlite3_exec(db, "BEGIN TRANSACTION;", NULL, NULL, NULL);