Fix 7 verified bugs: ref invalidation, bounds check, double refresh, dangling pointer, undo bypass, overflow, hash collision

- BUG-1 (HIGH): Replace dangling QVector reference with local copies in applyTypePopupResult
- BUG-2 (MEDIUM): Add missing upper-bound check in EditTarget::Name handler
- BUG-5 (LOW): Remove redundant unconditional refresh() at end of applyTypePopupResult
- BUG-6 (LOW): Use QPointer for m_cachedPopup to auto-null on parent destruction
- BUG-7 (LOW): Rewrite materializeRefChildren to use undo macro (cmd::Insert + cmd::Collapse)
- BUG-8 (LOW): Guard against integer overflow in byteSize() and clamp arrayLen/strLen in fromJson
- BUG-9 (LOW): Use QPair<uint64_t,uint64_t> key in collectPointerRanges visited set

src/controller.h

@@ -7,6 +7,7 @@
 #include <QUndoCommand>
 #include <QTimer>
 #include <QFutureWatcher>
+#include <QPointer>
 #include <memory>
 
 namespace rcx {
@@ -138,7 +139,7 @@ private:
     int m_activeSourceIdx = -1;
 
     // ── Cached type selector popup (avoids ~350ms cold-start on first show) ──
-    TypeSelectorPopup* m_cachedPopup = nullptr;
+    QPointer<TypeSelectorPopup> m_cachedPopup;
 
     // ── Auto-refresh state ──
     using PageMap = QHash<uint64_t, QByteArray>;
@@ -169,7 +170,7 @@ private:
     void resetSnapshot();
     void collectPointerRanges(uint64_t structId, uint64_t memBase,
                               int depth, int maxDepth,
-                              QSet<uint64_t>& visited,
+                              QSet<QPair<uint64_t,uint64_t>>& visited,
                               QVector<QPair<uint64_t,int>>& ranges) const;
 };