Fix iterator UB in ARGS_NOEXCEPT completion parsing#172

Merged

Taywee merged 1 commit into Taywee:master from metsw24-max:noexcept-completion-iterator-ub on May 24, 2026

Conversation

@metsw24-max
Contributor

@metsw24-max metsw24-max commented May 23, 2026

Fix two iterator lifetime / memory-safety bugs in ARGS_NOEXCEPT completion handling that could trigger undefined behavior during bash-completion parsing.

Both issues were reachable through the public ParseCLI / ParseArgs APIs with attacker-controlled argv input.


Bugs Fixed

1. End iterator increment + invalid dereference

In ArgumentParser::ParseArgsValues, the completion path previously did:

it = end;
return "";

Control then returned to the caller loop:

for (; it != end; ++it)

which performed ++it on an already-end iterator, followed by an invalid iterator dereference on the next iteration.

The fix parks the iterator on the last consumed element instead:

it = valueIt;

so the caller’s increment lands legally on end.


2. Dangling iterator returned across stack frames

The completion replay path recursively parsed a temporary curArgs vector and returned an iterator into that local container:

return Parse(curArgs.begin(), curArgs.end());

After curArgs was destroyed, the caller compared the dangling iterator against the outer container’s end(), triggering undefined behavior.

The fix discards the recursive return value and returns the outer end iterator instead:

Parse(curArgs.begin(), curArgs.end());
return end;

Validation

Added a sanitizer-backed PoC that reproduces both issues against the pre-fix version and verifies clean execution on the fixed version.

Pre-fix

  • ASan crash
  • invalid iterator dereference
  • dangling iterator UB

Fixed

  • clean execution
  • exit code 0

The PoC includes:

  • standalone reproducer
  • ASan/UBSan build script
  • buggy vs fixed differential validation
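The two corrected patterns described above (park the iterator on the last consumed element instead of `end`, and return the outer `end` rather than an iterator into a temporary vector), written out as an added stand-alone example; this is not the args library's own code, and `IsFlag`, `ConsumeValues`, `ParseOuter` and `ReplayCompletion` are hypothetical simplifications of the paths the PR touches:

```cpp
#include <string>
#include <vector>

using ArgIt = std::vector<std::string>::const_iterator;

static bool IsFlag(const std::string& tok) { return !tok.empty() && tok[0] == '-'; }

// Hypothetical stand-in for the completion path of ArgumentParser::ParseArgsValues:
// consume the flag at `it` and every following non-flag token. The pre-fix code
// set `it = end` here, so the caller's `++it` then ran on an end iterator (UB).
// The fixed pattern parks the iterator on the last consumed element instead.
static ArgIt ConsumeValues(ArgIt it, ArgIt end, std::vector<std::string>& consumed) {
    ArgIt valueIt = it;
    consumed.push_back(*it);                        // the flag itself
    for (ArgIt next = it + 1; next != end && !IsFlag(*next); ++next) {
        consumed.push_back(*next);
        valueIt = next;
    }
    return valueIt;  // never `end`: the caller's ++it lands on end at most, never past it
}

// Caller loop in the shape of the library's `for (; it != end; ++it)`.
static std::vector<std::string> ParseOuter(const std::vector<std::string>& args) {
    std::vector<std::string> consumed;
    const ArgIt end = args.end();
    for (ArgIt it = args.begin(); it != end; ++it) {
        if (IsFlag(*it)) {
            it = ConsumeValues(it, end, consumed);   // parked on last consumed element
        } else {
            consumed.push_back(*it);                 // positional argument
        }
    }
    return consumed;
}

// Completion replay: parse a temporary vector built from the completion words.
// Returning an iterator into `curArgs` would dangle once it is destroyed; the fix
// discards the recursive result and hands back the outer container's `end`.
static ArgIt ReplayCompletion(const std::vector<std::string>& words, ArgIt outerEnd,
                              std::vector<std::string>& consumed) {
    std::vector<std::string> curArgs(words);        // constructed temporary, dies at return
    consumed = ParseOuter(curArgs);                 // recursive parse; its iterators stay local
    return outerEnd;                                // safe to compare against the caller's end()
}
```

Building this with `-fsanitize=address,undefined` and swapping `return valueIt;` for the pre-fix `return end;` reproduces the out-of-range increment the PR describes.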

@Taywee
Owner

Taywee commented May 24, 2026

Looks valuable, especially for any future UB guarding, which would benefit from being able to reproduce them first. Thanks for the PR.

@Taywee Taywee merged commit 599b3e0 into Taywee:master May 24, 2026
7 checks passed