- Type: Bug
- Resolution: Fixed
- Priority: P1
- None
- Affects Version/s: repo-panama
- Component/s: core-libs

The MemorySegment::copy methods compute the destOffset parameter with int arithmetic when calling ScopedMemoryAccess.getScopedMemoryAccess().copy*Memory. For large values of elementCount and arrays of types other than byte[] (e.g. long[]), this may silently overflow, causing an undefined value (including negative values) to be used for subsequent Unsafe calls, which in turn may cause a JVM crash or, even worse, quietly mutate arbitrary process memory.
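
The overflow described above, as an added Java example that is not the JDK's own code. The class and method names and the base offset of 16 are assumptions for illustration; the report does not show the exact expression used in MemorySegment::copy.

```java
import java.util.Objects;

public class DestOffsetOverflow {
    // Assumed stand-in for Unsafe.ARRAY_LONG_BASE_OFFSET; the real value is JVM-specific.
    static final int ARRAY_BASE = 16;
    // Size in bytes of one long[] element.
    static final int SCALE = Long.BYTES;

    // Overflow-prone shape: the multiply is done in int and wraps
    // before the result is widened to long.
    static long offsetWithIntArithmetic(int index) {
        return ARRAY_BASE + (index * SCALE);
    }

    // Widen first, so the multiply is done in 64 bits.
    static long offsetWithLongArithmetic(int index) {
        return ARRAY_BASE + ((long) index * SCALE);
    }

    // Defensive variant: range-check against the array length, then use exact
    // arithmetic so an overflow would throw ArithmeticException instead of wrapping.
    static long checkedOffset(int arrayLength, int index, int elementCount) {
        Objects.checkFromIndexSize(index, elementCount, arrayLength);
        return Math.addExact((long) ARRAY_BASE,
                Math.multiplyExact((long) index, (long) SCALE));
    }

    public static void main(String[] args) {
        // Constructed indices: 2^28 * 8 = 2^31 and 2^29 * 8 = 2^32; neither fits in an int.
        int[] indices = {1_000, 1 << 28, 1 << 29};
        for (int index : indices) {
            System.out.printf("index=%d int-arithmetic=%d long-arithmetic=%d%n",
                    index, offsetWithIntArithmetic(index), offsetWithLongArithmetic(index));
        }
        // Constructed array length; no array is allocated, only the arithmetic is exercised.
        int arrayLength = Integer.MAX_VALUE - 8;
        System.out.println("checked=" + checkedOffset(arrayLength, 1 << 29, 16));
        try {
            // An element count that runs past the end of the array is rejected up front.
            checkedOffset(arrayLength, 1 << 29, Integer.MAX_VALUE);
        } catch (IndexOutOfBoundsException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

With int arithmetic, index 2^28 yields a negative offset, while index 2^29 wraps to exactly the base offset, so the computed address aliases element 0 instead of failing. The second case is the quiet-corruption path: nothing crashes, and the write lands at the wrong location.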