assimp/code/AssetLib/Obj
Bill Wendling 21607dfb75 Obj: Fix heap-buffer-overflow in getFace via vertical tabs (#6540)
The `ObjFileParser::getFace` method failed to recognize the vertical tab
character (`\v`, 0x0b) as a separator. While the `IsSpaceOrNewLine`
utility handles most whitespace (space, tab, CR, LF, FF), it excludes
`\v`.

When encountering a vertical tab, the parser fell through to an `else`
block that calls `::atoi(&(*m_DataIt))`. Because `atoi` treats `\v` as
whitespace per the C standard, it skips the character and continues
reading. If `\v` is located at the end of the buffer (e.g., followed by
a newline at the buffer boundary), `atoi` can read past the allocated
memory, triggering a heap-buffer-overflow.

This fix explicitly checks for `\v` and treats it as a separator,
resetting the position counter and preventing the invalid `atoi` call.

Verified with AddressSanitizer and confirmed that all 584 existing unit
tests pass.

Fixes: https://issues.oss-fuzz.com/issues/476180586

Signed-off-by: Bill Wendling <morbo@google.com>
Co-authored-by: Meder Kydyraliev <meder@google.com>
Co-authored-by: CodeMender <codemender-patching@google.com>
2026-02-21 19:19:02 +01:00
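
The mismatch the commit message describes, as an added C example that is not part of the commit or of assimp's code. `is_sep_without_vt`, `skipped_by_atoi_only` and `parse_int_bounded` are hypothetical names, and the separator set is taken from the message's description of `IsSpaceOrNewLine`. It shows that libc number parsing skips `\v` while that set does not, next to an integer parse bounded by an explicit end pointer.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Separator set as the commit message describes it: space, tab, CR, LF, FF,
   but not '\v'. Hypothetical helper, not assimp's IsSpaceOrNewLine. */
static int is_sep_without_vt(char c) {
    return c == ' ' || c == '\t' || c == '\r' || c == '\n' || c == '\f';
}

/* 1 if atoi/strtol skip c as leading whitespace while the check above
   does not treat it as a separator: the mismatch behind the over-read. */
static int skipped_by_atoi_only(char c) {
    return isspace((unsigned char)c) && !is_sep_without_vt(c);
}

/* Parse an optionally signed decimal from [p, end). Never dereferences end,
   never skips whitespace. Returns bytes consumed, or 0 if no number at p. */
static size_t parse_int_bounded(const char *p, const char *end, int *out) {
    const char *q = p;
    int neg = 0;
    long v = 0;
    if (q < end && (*q == '-' || *q == '+')) neg = (*q++ == '-');
    const char *digits = q;
    while (q < end && *q >= '0' && *q <= '9') {
        if (v > 100000000L) return 0; /* would not fit in int: reject */
        v = v * 10 + (*q++ - '0');
    }
    if (q == digits) return 0;
    *out = (int)(neg ? -v : v);
    return (size_t)(q - p);
}

int main(void) {
    /* Constructed input: the last two bytes of a buffer with no NUL after it. */
    const char tail[2] = {'\v', '\n'};
    int v = 0;
    printf("\\v skipped only by atoi: %d\n", skipped_by_atoi_only('\v'));
    printf("bounded parse consumed %zu bytes\n",
           parse_int_bounded(tail, tail + 2, &v));
    /* Safe only because the literal is NUL-terminated: atoi walks over
       "\v\n" into the next line's digits. */
    printf("atoi(\"\\v\\n42\") = %d\n", atoi("\v\n42"));
    return 0;
}
```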