LibWeb: Vector OOB when typing first character of HTML tag with syntax highlighting enabled

For example, switch the Syntax in Text Editor to HTML file, then type <h. As soon as you type the h, this crash will occur. Trace:

TextEditor(42:42): USERSPACE(42) ASSERTION FAILED: i < m_size
../.././AK/Vector.h:188
CrashDaemon(20:20): --- Backtrace for thread #0 (TID 42) ---
CrashDaemon(20:20): 0x934c21ce: [libsystem.so] syscall2 +0xe (syscall.cpp:25)
CrashDaemon(20:20): 0xa7d258d0: [libc.so] kill +0x20 (signal.cpp:21)
CrashDaemon(20:20): 0xa7d25973: [libc.so] raise +0x23 (signal.cpp:34)
CrashDaemon(20:20): 0xa7d10c3d: [libc.so] abort +0x2a (stdlib.cpp:233)
CrashDaemon(20:20): 0xa7d1174b: [libc.so] __assertion_failed +0xeb (Format.h:236)
CrashDaemon(20:20): 0x6e15da21: [libweb.so] Web::HTML::HTMLTokenizer::nth_last_position(unsigned long) +0x51 (Vector.h:188)
CrashDaemon(20:20): 0x6e1521be: [libweb.so] .L1545 +0x1d (HTMLTokenizer.cpp:339)
CrashDaemon(20:20): 0x6e163e32: [libweb.so] Web::HTML::SyntaxHighlighter::rehighlight(Gfx::Palette const&) +0x142 (SyntaxHighlighter.cpp:58)
CrashDaemon(20:20): 0x3656aad3: [libgui.so] AK::Function<void (Core::Object&)>::CallableWrapper<GUI::TextEditor::did_change()::{lambda(auto:1&)#1}>::call(Core::Object&) const +0xd3 (TextEditor.cpp:1356)
CrashDaemon(20:20): 0x2a8ecc8b: [libcore.so] Core::EventLoop::pump(Core::EventLoop::WaitMode) +0x49b (Atomic.h:206)
CrashDaemon(20:20): 0x2a8ed3ab: [libcore.so] Core::EventLoop::exec() +0x9b (EventLoop.cpp:362)
CrashDaemon(20:20): 0x36493f98: [libgui.so] GUI::Application::exec() +0x28 (Application.cpp:100)
CrashDaemon(20:20): 0xaa6e0206: [/bin/TextEditor] main +0x4c6 (main.cpp:81)
CrashDaemon(20:20): 0xaa6e05f8: [/bin/TextEditor] _start +0x58 (crt0.cpp:39)

cc @alimpfard

SerenityOS / serenity

LibWeb: Vector OOB when typing first character of HTML tag with syntax highlighting enabled #7349