Open
Description
The Rust FFI function copy_from_rust() allocates the C inputfile pointer array via string_to_c_chars(inputfile.clone()), which copies all entries from the Rust Vec including empty strings appended by the argument parser.
However, num_input_files is computed with filter(|s| !s.is_empty()).count(), counting only non-empty entries. This mismatch means that the C array has more allocated slots than num_input_files indicates, or, equivalently, that the C code trusts num_input_files while the array may be shorter. The second call to switch_to_next_file() reads inputfile[current_file] one slot past the allocated array.
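An added Rust example, not ccextractor's own code, showing the length/count mismatch described above next to a form where both values are derived from the same filtered list so the C side can never index past the array. The argument list, the CStringArray type and its get() method (which stands in for the C-side inputfile[current_file] read) are all assumptions made for illustration.

```rust
use std::ffi::{CStr, CString};
use std::os::raw::c_char;

/// Constructed sample: an argument parser that appends empty strings
/// leaves a Vec with one real path and two trailing "" entries.
pub fn sample_inputfiles() -> Vec<String> {
    vec!["a.ts".to_string(), String::new(), String::new()]
}

/// The reported pattern: the pointer array is built from every Vec entry,
/// but the count handed to C only covers the non-empty ones, so the two
/// values disagree and the C side can walk off either end of the truth.
pub fn mismatched_lengths(inputfile: &[String]) -> (usize, usize) {
    let array_len = inputfile.len(); // slots the C array would actually hold
    let num_input_files = inputfile.iter().filter(|s| !s.is_empty()).count();
    (array_len, num_input_files)
}

/// Hardened form (hypothetical): filter first, convert second, and expose the
/// count only from the array that was really allocated.
pub struct CStringArray {
    ptrs: Vec<*mut c_char>,
}

impl CStringArray {
    pub fn from_strings(inputfile: &[String]) -> CStringArray {
        let ptrs = inputfile
            .iter()
            .filter(|s| !s.is_empty())
            .map(|s| CString::new(s.as_str()).expect("path has no interior NUL").into_raw())
            .collect();
        CStringArray { ptrs }
    }

    /// The value to pass as num_input_files: always equal to the slot count.
    pub fn num_input_files(&self) -> usize {
        self.ptrs.len()
    }

    /// Pointer to hand across the FFI boundary as the inputfile array.
    pub fn as_ptr(&self) -> *const *mut c_char {
        self.ptrs.as_ptr()
    }

    /// Stands in for the C read of inputfile[current_file]; a bounds-checked
    /// lookup returns None instead of reading past the allocation.
    pub fn get(&self, current_file: usize) -> Option<&CStr> {
        let p = *self.ptrs.get(current_file)?;
        Some(unsafe { CStr::from_ptr(p) })
    }
}

impl Drop for CStringArray {
    fn drop(&mut self) {
        // Reclaim each CString that into_raw() leaked to the C side.
        for p in self.ptrs.drain(..) {
            unsafe { drop(CString::from_raw(p)) };
        }
    }
}

fn main() {
    let files = sample_inputfiles();
    let (array_len, count) = mismatched_lengths(&files);
    println!("reported pattern: array_len={} num_input_files={}", array_len, count);

    let arr = CStringArray::from_strings(&files);
    println!("hardened: num_input_files={} ptr={:?}", arr.num_input_files(), arr.as_ptr());
    for i in 0..=arr.num_input_files() {
        match arr.get(i) {
            Some(s) => println!("inputfile[{}] = {:?}", i, s),
            None => println!("inputfile[{}] is out of bounds", i),
        }
    }
}
```

The invariant worth enforcing at the FFI boundary is that the count and the array come from one collection; once that holds, the C loop in switch_to_next_file() cannot read a slot that was never allocated, and the ASan report above becomes impossible to reproduce from this path.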
Address sanitizer stack trace
==38675==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000007998 at pc 0x000102b74c68
READ of size 8 at 0x602000007998 thread T0
#0 switch_to_next_file file_functions.c:183
#1 start_ccx ccextractor.c:144
#2 main ccextractor.c:455
0x602000007998 is located 0 bytes after 8-byte region [0x602000007990,0x602000007998)
allocated by thread T0 here:
#0 malloc
#1 alloc::raw_vec::RawVecInner::try_allocate_in mod.rs:419
#2 Vec::with_capacity mod.rs:519
#3 ccx_rust::utils::string_to_c_chars utils.rs:72
#4 ccx_rust::common::copy_from_rust common.rs:260
#5 ccxr_parse_parameters lib.rs:765
#6 main ccextractor.c:436
SUMMARY: AddressSanitizer: heap-buffer-overflow file_functions.c:183 in switch_to_next_file