[C++] Harden FlexBuffers scalar mutation verification#9089

Open
kmackinley wants to merge 1 commit into google:master from kmackinley:flexbuffers-mutation-hardening

Conversation

@kmackinley

Summary

  • Reject FlexBuffers indirect scalar references whose target scalar bytes overlap the offset field that points to them.
  • Make Reference::MutateBool() copy from a scalar source wide enough for forced-width bool storage.
  • Add regression coverage for overlapping indirect scalar verification and forced-width bool mutation.

Motivation

FlexBuffers scalar mutation assumes the resolved scalar storage is distinct from the metadata used to resolve an indirect scalar. A malformed buffer can make those byte ranges overlap, so mutating the scalar can also mutate the offset used by later accesses. Rejecting this overlap during verification keeps verified indirect scalar references stable before callers use the public mutation APIs.

The bool mutation change preserves existing behavior while avoiding a wide copy from a 1-byte bool object when the parent storage width is larger.

Tests

  • env ASAN_OPTIONS=detect_leaks=0:abort_on_error=1 UBSAN_OPTIONS=halt_on_error=1:print_stacktrace=1 LD_LIBRARY_PATH=$PWD/toolchains/apt/usr/lib/x86_64-linux-gnu toolchains/apt/usr/bin/ctest --test-dir build/flatbuffers-patch-asan --output-on-failure
  • Local ASan repro: previously accepted overlapping indirect-int buffer now fails VerifyBuffer().
  • Local ASan repro: forced-width bool mutation succeeds without sanitizer findings.
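The overlap the description above rejects, shown as an added C++ illustration that is my own model of the indirect-scalar layout and not FlexBuffers' or this PR's code (`IndirectRef`, `VerifyIndirectScalar` and `MutateUnchecked` are assumed names): the verifier check sits beside an unchecked mutation whose scalar write reaches into the offset field that located it.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Hypothetical model of a FlexBuffers indirect scalar (added here; not the
// project's code): an offset field of `offset_width` bytes at `offset_pos`
// holds an unsigned little-endian value v, and the referenced scalar of
// `scalar_width` bytes starts at `offset_pos - v` (indirect offsets point
// backwards, towards the start of the buffer).
struct IndirectRef {
  size_t offset_pos;
  size_t offset_width;
  size_t scalar_width;
};

// Little-endian read of the offset field (no bounds check; callers verify first).
static uint64_t ReadOffsetValue(const std::vector<uint8_t>& buf, const IndirectRef& r) {
  uint64_t v = 0;
  for (size_t i = 0; i < r.offset_width; ++i)
    v |= uint64_t(buf[r.offset_pos + i]) << (8 * i);
  return v;
}

// Verifier check: the scalar must lie inside the buffer AND its bytes must not
// overlap the offset field that locates it. Returns false to reject the buffer.
bool VerifyIndirectScalar(const std::vector<uint8_t>& buf, const IndirectRef& r) {
  if (r.offset_pos >= buf.size() || r.offset_width > buf.size() - r.offset_pos)
    return false;                                 // offset field out of bounds
  const uint64_t v = ReadOffsetValue(buf, r);
  if (v > r.offset_pos) return false;             // scalar would start before the buffer
  const size_t scalar_begin = r.offset_pos - size_t(v);
  if (r.scalar_width > buf.size() - scalar_begin) return false;  // scalar runs past end
  // scalar_begin <= offset_pos, so the ranges overlap exactly when the scalar
  // extends into the offset field, i.e. when v < scalar_width.
  return scalar_begin + r.scalar_width <= r.offset_pos;
}

// Mutation without the overlap check, to show the failure mode: writes `value`
// into the scalar and returns the offset field as read back afterwards. On an
// overlapping layout the write clobbers the offset, so the result changes.
uint64_t MutateUnchecked(std::vector<uint8_t>& buf, const IndirectRef& r, uint64_t value) {
  const size_t scalar_begin = r.offset_pos - size_t(ReadOffsetValue(buf, r));
  for (size_t i = 0; i < r.scalar_width; ++i)
    buf[scalar_begin + i] = uint8_t(value >> (8 * i));
  return ReadOffsetValue(buf, r);
}
```

Byte layouts here are constructed by hand; the real verifier also walks types, parent widths and the root, which this model leaves out.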

@google-cla

google-cla Bot commented May 12, 2026

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

@github-actions github-actions Bot added the c++ label May 12, 2026
@kmackinley kmackinley marked this pull request as ready for review May 12, 2026 16:46
@kmackinley kmackinley requested a review from dbaileychess as a code owner May 12, 2026 16:46