lib/nbt: Fix a possible buffer overflow in readString()

src/lib/nbt.cpp

@@ -154,6 +154,9 @@ namespace NBT {
             if (stringSize.isError) {
                 return ErrorOr<tiny_utf8::string>(true, stringSize.errorCode);
             }
+            if (currentPosition + (uint64_t) stringSize.value + 2 > dataSize) {
+                return ErrorOr<tiny_utf8::string>(true, ErrorCodes::OVERRUN);
+            }
 
             ErrorOr<tiny_utf8::string> output = JavaCompat::importJavaString(data+currentPosition, stringSize.value);
             if(output.isError){