Major bug: out of bounds read for some input sizes

[ogxd]

Context

For input sizes >= 80 bytes and modulo 16 (length of vector size) the construction is proceeding to reading one vector out of the bounds, making such hashes invalid.
This is a major bug for two reasons:

• It means for instance hashing the same 80 bytes input twice can lead to different hashes as a result
• It can lead to segfaults from reading beyond private memory

Todo

• Fix the issue
• Add an unit test to prevent out of bounds reads to happen again
• Publish update (2.2.5)
• Cargo yank bugged versions (2.X.X up to 2.2.4 included)

[ogxd]

Fixed in 2.2.5 (published)

Important note on cargo yank:

I consider yanking a version an exceptional measure, because of the consequences it has, especially when gxhash is a transitive dependency. I consider this case exceptional, as this bug would make the hash function malfunction, which can lead to critical issues in many scenarios and can be very difficult to debug. For other cases such as performance regressions, or even security flaws, yanking wouldn't apply.