author: Ben Wiederhake <BenWiederhake.GitHub@gmx.de> 2021-10-22 20:08:44 +0200
committer: Linus Groh <mail@linusgroh.de> 2021-10-23 19:02:54 +0100
commit: 5d865d574a102501bd8a616f01e52e489ce88e6d (patch)
tree: 2809cecaff6301e261936c92812428c8cda3c331 /Userland/Libraries
parent: 885b69c8772695839850de0857cd28882bca4162 (diff)
AK: Fix BumpAllocator iteration if last object doesn't align
This fixes two bugs:

1. `end_offset` was missing the alignment that might have been introduced while computing `base_ptr`.
2. Ignoring point 1, `end_offset` computed the offset of the first byte that is outside the current chunk. However, this might be in the middle of a (hypothetical) object! The loop treats `end_offset` as if it points to the first byte beyond the last (valid) object. So if the last few bytes of the chunk are unused, the loop iterates once too often.

Found by OSS Fuzz, long-standing issue (since 2021-07-31)
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=38733

(This probably also resolves some other issues that go through RegexMatcher.)

See also: 0f1425c895ace40fbb10d68a55eeb3a6354479d3
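The two off-by-one errors described in the commit message, modelled arithmetically as an added example. This is not SerenityOS's `AK::BumpAllocator` code; the `ChunkLayout` struct, the function names and all byte sizes are constructed for illustration. A chunk is assumed to start with a header, followed by objects of `sizeof(T)` bytes placed back-to-back from the first `alignof(T)`-aligned offset after the header (the `base_ptr` of the message). The "before" function computes the loop bound the way the message says the old code did; the "after" function measures from the aligned base and rounds the bound down to whole objects, and also accepts the bump offset so a partially filled current chunk stops at its last live object rather than at the end of the chunk.

```cpp
#include <cstddef>
#include <cstdio>
#include <initializer_list>

// Added example (not SerenityOS's AK::BumpAllocator): an arithmetic model of
// one allocator chunk, used to show the two off-by-one errors the commit
// message describes. All sizes below are constructed for illustration.

// Round `value` up to the next multiple of `alignment` (alignment is a power of two).
constexpr size_t align_up(size_t value, size_t alignment)
{
    return (value + alignment - 1) & ~(alignment - 1);
}

// Hypothetical chunk layout: a header at the start of the chunk, then objects of
// `object_size` bytes placed back-to-back starting at the first `object_align`-aligned
// offset after the header.
struct ChunkLayout {
    size_t chunk_size;   // total bytes in the chunk
    size_t header_size;  // bytes occupied by the chunk header
    size_t object_size;  // sizeof(T)
    size_t object_align; // alignof(T)
};

// Offset of the first object, i.e. where `base_ptr` points relative to the chunk start.
constexpr size_t base_offset(ChunkLayout const& l)
{
    return align_up(l.header_size, l.object_align);
}

// How many whole objects the allocator can actually hand out from a full chunk.
constexpr size_t objects_that_fit(ChunkLayout const& l)
{
    return (l.chunk_size - base_offset(l)) / l.object_size;
}

// Iteration as the commit message describes the old behaviour:
//  1. the end offset is derived from the header end, so it does not account for
//     the padding inserted when `base_ptr` was aligned;
//  2. the end offset is the first byte outside the chunk, which may lie inside
//     a trailing slot that never held an object.
// Returns the number of slots a destroy_all-style loop would visit.
size_t slots_visited_before_fix(ChunkLayout const& l)
{
    size_t base = base_offset(l);
    size_t end_offset = base + (l.chunk_size - l.header_size); // bug 1: padding counted twice
    size_t visited = 0;
    for (size_t off = base; off < end_offset; off += l.object_size) // bug 2: partial slot counts
        ++visited;
    return visited;
}

// Corrected iteration: measure from the aligned base, and round the end down to
// the last whole object so a partial trailing slot is never treated as an object.
// `used_bytes` is the bump offset of the chunk (>= base_offset); pass the chunk
// size for a completely filled chunk.
size_t slots_visited_after_fix(ChunkLayout const& l, size_t used_bytes)
{
    size_t base = base_offset(l);
    size_t end_offset = used_bytes;                       // first byte not in use
    size_t whole_objects = (end_offset - base) / l.object_size;
    end_offset = base + whole_objects * l.object_size;   // first byte after the last whole object
    size_t visited = 0;
    for (size_t off = base; off < end_offset; off += l.object_size)
        ++visited;
    return visited;
}

int main()
{
    // Constructed case A: 12-byte header, 8-byte objects aligned to 8 -> 4 bytes of padding
    // before the first object (exercises bug 1).
    ChunkLayout a { 64, 12, 8, 8 };
    // Constructed case B: header already aligned, 12-byte objects -> 4 unused trailing
    // bytes at the end of the chunk (exercises bug 2).
    ChunkLayout b { 64, 12, 12, 4 };
    for (auto const& l : { a, b }) {
        std::printf("fit=%zu before=%zu after=%zu\n",
            objects_that_fit(l), slots_visited_before_fix(l), slots_visited_after_fix(l, l.chunk_size));
    }
    return 0;
}
```

In both constructed cases the pre-fix loop visits one slot more than the allocator could ever have filled; in a real allocator that extra iteration runs a destructor over bytes that never held an object, which is the kind of memory error a fuzzer surfaces.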
Diffstat (limited to 'Userland/Libraries')
0 files changed, 0 insertions, 0 deletions