
Fix heap out-of-bounds write in _m3d_safestr

While there is a 256 character limit when computing the length of the
newly allocated string, that limit was missing when copying the
string. This commit adds a new length check in the copy loop, preventing
it from writing out of bounds.

Fix https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=34416
Alex Rebert, 3 years ago
parent
commit
30f17aa206
1 changed file with 1 addition and 1 deletion
+ 1 - 1
code/AssetLib/M3D/m3d.h

@@ -896,7 +896,7 @@ char *_m3d_safestr(char *in, int morelines) {
         if (!out) return NULL;
         while (*i == ' ' || *i == '\t' || *i == '\r' || (morelines && *i == '\n'))
             i++;
-        for (; *i && (morelines || (*i != '\r' && *i != '\n')); i++) {
+        for (; *i && (morelines || (*i != '\r' && *i != '\n')) && o - out < l; i++) {
             if (*i == '\r') continue;
             if (*i == '\n') {
                 if (morelines >= 3 && o > out && *(o - 1) == '\n') break;
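
Review bot: The new bound `o - out < l` in the `for` condition is evaluated once per iteration, so it only prevents the overflow if every path through the loop body stores at most one byte through `o` and the buffer has one byte beyond `l` for the terminator. Neither the allocation nor the rest of the body is visible in this hunk, so please confirm both, in particular for the `*i == '\n'` branch, and tighten the condition if any branch can store more than one byte per pass. A short comment on the loop stating that `l` is the same capped length used for the allocation would help keep the two limits from drifting apart again, and a regression test with an input line longer than the 256 character limit from the commit message would pin the fix.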