Double Free Issue

[Alexhuszagh]

As reported in serde-rs/json#671, there is an issue with double-free in minimal-lexical that is not present in any version of lexical-core, due to the removal of a bounds check when porting the code over. Specifically, the offending line is below, where a bounds check was removed relative to all branches of lexical-core.

The offending code is here:

minimal-lexical/src/math.rs

Lines 270 to 274 in f88b10f

	assert!(index + lower_size_bound >= index); // Protect against overflow
	unsafe {
	let old_len = vec.len();
	assert!(index <= old_len);

The corrected code is here:
https://github.com/Alexhuszagh/rust-lexical/blob/d17f05197accc0d43a84d644578dbdbf225a8046/lexical-core/src/util/sequence.rs#L62-L66

This has been fixed with Alexhuszagh/rust-lexical#53, which has a new, safer insert_many implementation which other unsoundness in the insert_many implementation.