Fix out-of-bound access to "alex_check" array

`offset` can be negative. We must check this before using it to index
into `alex_check` array.

The issue is that 'check' is unlifted, hence it's a strict binding. The
way it was written before, it was evaluated before checking that offset
was greater than or equal to 0. I've just moved the binding after the
check.

Caught with GHC's JS backend running Cabal-syntax's lexer. The JS
backend uses arrays to represent unlifted string literals, so the bug
results in out-of-bound JS array access. With the native backends the
out-of-bound array access might trigger a segfault but it is more likely
to just read some random values in the heap. That's why it went
unnoticed.

Author: hsyl20

Diff for: CHANGELOG.md

@@ -1,3 +1,7 @@
+## Change in 3.2.7.2
+
+ * Fix bug with out-of-bound access to `alex_check` array.
+
 ## Change in 3.2.7.1
 
  * Fix bug with repeated numeral characters *outside* of `r{n,m}`

Diff for: alex.cabal

@@ -1,6 +1,6 @@
 cabal-version: >= 1.10
 name: alex
-version: 3.2.7.1
+version: 3.2.7.2
 -- don't forget updating changelog.md!
 license: BSD3
 license-file: LICENSE

Diff for: data/AlexTemplate.hs

@@ -161,11 +161,15 @@ alex_scan_tkn user__ orig_input len input__ s last_acc =
         let
                 base   = alexIndexInt32OffAddr alex_base s
                 offset = PLUS(base,ord_c)
-                check  = alexIndexInt16OffAddr alex_check offset
 
-                new_s = if GTE(offset,ILIT(0)) && EQ(check,ord_c)
-                          then alexIndexInt16OffAddr alex_table offset
-                          else alexIndexInt16OffAddr alex_deflt s
+                new_s
+                  | GTE(offset,ILIT(0))
+                  , check <- alexIndexInt16OffAddr alex_check offset
+                  , EQ(check,ord_c)
+                  = alexIndexInt16OffAddr alex_table offset
+
+                  | otherwise
+                  = alexIndexInt16OffAddr alex_deflt s
         in
         case new_s of
             ILIT(-1) -> (new_acc, input__)