The following code is wrong:
Here the code tries to copy 206 bytes. In the other case (VESA 3.0 supported), only 188 + 66 - 50 = 204 bytes are copied. VirtualBox supports only VESA 2.0, therefore the crash. The memcpy function is compiled with fortify enabled.
This leads to a crash when fortify is enabled.
Note the the other else case for VESA < 2.0 is wrong as well (216 versus 215 bytes).
*** This bug has been marked as a duplicate of bug 30159 ***