When parsing untrusted rulex expressions, rulex may panic, possibly enabling
a Denial of Service attack. This happens when the expression contains a multi-
byte UTF-8 code point in a string literal or after a backslash, because rulex
tries to slice into the code point and panics as a result.
The flaw was corrected in commits
330b3534e7 by using
len_utf8() to derive character width in bytes instead of assuming ASCII
encoding of 1 byte per char.