[Function entry]
data = 0x50e92e
data_length = 16

[CPF slice]
cpf_start = 0x50e92e
cpf_end   = 0x50e93e
cpf_end - cpf_start = 16

[CPF bytes]
0x50e92e: 0x01 0xe8 0x00 0x00 0x00 0x00 0xb2 0x00
0x50e936: 0x06 0x00 0x04 0x02 0x20 0x01 0x24 0x01

[item_count]
item_count = 59393
item_count = 0xe801

[OOB trigger]
A read watchpoint on *cpf_end triggers at source/src/enet_encap/cpf.c:280.
At that point:
- data = 0x50e93e
- data_length = 16
- data == cpf_end

This shows that CreateCommonPacketFormatStructure() continues parsing after
reaching the end of the 16-byte CPF slice, causing an out-of-bounds read.
