
Bug: Savefile corruption during gameplay, resulting in tier0 crash

Open · pivotman319-owo opened this issue 3 years ago · 1 comment

Describe the bug

The engine has a chance of corrupting any save file that is made during gameplay, generating an evil savefile that results in heap corruption within the tier0 module that can potentially lead to possible malicious code execution.

[client_le] Playtest system DISABLED
[vphysics] Set Gravity 600.0 (0.250 tolerance)
[engine] Signon traffic "CLIENT":  incoming 52.351 KB [43 pkts], outgoing 3.333 KB [63 pkts]
[client_le] HACK: Forcing all of gameui to hide on level load for portal. For some reason it stays open for us and it's annoying. Especially on xbox where it steals our controller focus.
[engine] Execing config: game_postent.cfg
[materials] Queued Material System: ENABLED!
[engine] SAVEGAME:   21.4kb,    0.0kb used by 257 entities (sp_a4_finale1)
[engine] Freeing 21934 bytes of save data
[tier0] mimalloc: error: buffer overflow in heap block 0000051D1E7D1CD0 of size 30: write after 30 bytes


To Reproduce

Load affected savefile (rename .txt to .sav): Evil autosave file

Repro video: https://user-images.githubusercontent.com/15126754/193640835-82356f76-3647-4618-b3ef-b85efbdef28f.mp4

Bug first spotted on latest P2CE staging build as of writing

[engine] Protocol version 13703 [938/938]
Exe version 1.37.0.3 (p2ce)
[engine] Exe build: 23:23:44 Sep 29 2022 (8727) (440000)
[engine] Windows version 10.0

Issue Map

sp_a4_finale1, although it could possibly apply to all maps

Expected Behavior

The engine should be writing and loading savefiles normally instead of corrupting memory

Operating System

Windows 11 Insider Preview, v22H2 (10.0.22622.601 (ni_release_svc_prod2.220906-1320), amd64fre)

pivotman319-owo · Oct 03 '22 17:10

What map was this save created on? Was this created during the same session of gameplay? We are currently not properly versioning the game with steam.inf, so some old saves can be loaded when they shouldn't be allowed to.

JJL772 · Apr 29 '23 06:04
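As an added example (not code from the P2CE engine or from anyone in this thread), here is a save loader in C that applies the two checks this report calls for: a build-number gate standing in for the steam.inf versioning JJL772 mentions, and a length check that refuses a header whose declared payload size does not match the bytes actually present, the kind of one-byte mismatch behind a write past a 30-byte heap block. The header layout, field names and the try_save fixture are hypothetical; 8727 is the build number quoted in the report.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical save header (constructed for this example, not the engine's real
 * .sav format): 4-byte magic, 4-byte build number, 4-byte payload length. */
#define SAVE_MAGIC       0x45564153u
#define SAVE_HEADER_LEN  12
#define MAX_SAVE_PAYLOAD (64u * 1024u)

enum save_status { SAVE_OK = 0, SAVE_BAD_MAGIC, SAVE_VERSION_MISMATCH, SAVE_BAD_LENGTH, SAVE_OOM };

static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static void wr32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* Validate the whole blob before allocating or copying anything.
 * build_version stands in for the build number the engine would take from steam.inf. */
int load_save(const uint8_t *buf, size_t len, uint32_t build_version, uint8_t **out, size_t *out_len)
{
    *out = NULL; *out_len = 0;
    if (len < SAVE_HEADER_LEN || rd32(buf) != SAVE_MAGIC) return SAVE_BAD_MAGIC;
    if (rd32(buf + 4) != build_version) return SAVE_VERSION_MISMATCH; /* refuse saves from another build */
    uint32_t declared = rd32(buf + 8);
    /* The header's length must equal the bytes present and fit the cap, so the
     * copy below can never run past the block it is given. */
    if (declared > MAX_SAVE_PAYLOAD || declared != len - SAVE_HEADER_LEN) return SAVE_BAD_LENGTH;
    uint8_t *dst = malloc(declared ? declared : 1);
    if (!dst) return SAVE_OOM;
    memcpy(dst, buf + SAVE_HEADER_LEN, declared);
    *out = dst; *out_len = declared;
    return SAVE_OK;
}

/* Constructed fixture: header claims `declared` bytes, the file carries `actual` (<= 64).
 * Returns the loader's status so each case can be checked by value. */
int try_save(uint32_t file_build, uint32_t declared, size_t actual, uint32_t build_version)
{
    uint8_t blob[SAVE_HEADER_LEN + 64];
    uint8_t *out; size_t out_len;
    wr32(blob, SAVE_MAGIC); wr32(blob + 4, file_build); wr32(blob + 8, declared);
    memset(blob + SAVE_HEADER_LEN, 0xAB, actual);
    int st = load_save(blob, SAVE_HEADER_LEN + actual, build_version, &out, &out_len);
    free(out);
    return st;
}
```

try_save(8727, 31, 30, 8727) models the reported shape of the fault (a 30-byte payload whose header asks for one byte more) and is rejected before any allocation, while try_save(8700, 30, 30, 8727) shows the version gate turning away a save from an older build.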