Fix buffer overflow in do_composition()

I tried to verify that Linux 6.2's decision to use -funsigned-char would
break our code and was mostly successful, with the sole exception of
do_composition(), which has a bug that -funsigned-char would have
lessened, although not mitigated.

In do_composition(), we have:

size = u8_number_of_bytes[*p];
if (size <= 1 || (p + size) > oslast)
    break;

There, we have type promotion from char to size_t, which is unsigned. C will
sign extend the value as part of the widening before treating the value as
unsigned and the negative values we can counter are error values from
U8_ILLEGAL_CHAR and U8_OUT_OF_RANGE_CHAR, which are -1 and -2 respectively. The
unsigned versions of these under two's complement are SIZE_MAX and SIZE_MAX-1
respectively.

The bounds check is written under the assumption that `size <= 1` does a signed
comparison. This is followed by a pointer comparison to see if the string has
the correct length, which is fine.

A little further down we have:

for (i = 0; i < size; i++)
    tc[i] = *p++;.

When an error condition is encountered, this will iterate at least SIZE_MAX-1
times, which will massively overflow the buffer, which is not fine. This would
undoubtably cause horrible memory corruption, which would likely crash the
system, but could cause just about anything until the system crashes.

Signed-off-by: Richard Yao <richard.yao@alumni.stonybrook.edu>

module/unicode/u8_textprep.c

@@ -1287,7 +1287,7 @@ do_composition(size_t uv, uchar_t *s, uchar_t *comb_class, uchar_t *start,
 
 		while (p < oslast) {
 			size = u8_number_of_bytes[*p];
-			if (size <= 1 || (p + size) > oslast)
+			if ((ssize_t)size <= 1 || (p + size) > oslast)
 				break;
 
 			saved_p = p;