Fix possible heap overflow in cram_encode_aux() on bad RG:Z tags

RG:Z tags without a proper NUL termination could lead to use of
invalid data, or a heap overflow when the tag is passed to
sam_hrecs_find_rg(), or hts_log_warning() if the former returns
NULL.  Fix by moving the line that skips to the end of the aux
tag and then checking that it was terminated correctly.  Should
it not be, the aux parser is reset so the tag can be stored
verbatim (the code that does that already handles badly-terminated
Z tags).

Credit to OSS-Fuzz
Fixes oss-fuzz 66369

cram/cram_encode.c

@@ -2799,15 +2799,24 @@ static sam_hrec_rg_t *cram_encode_aux(cram_fd *fd, bam_seq_t *b,
         // RG:Z
         if (aux[0] == 'R' && aux[1] == 'G' && aux[2] == 'Z') {
             char *rg = &aux[3];
-            brg = sam_hrecs_find_rg(fd->header->hrecs, rg);
-            if (brg) {
-                while (aux < aux_end && *aux++);
-                if (CRAM_MAJOR_VERS(fd->version) >= 4)
-                    BLOCK_APPEND(td_b, "RG*", 3);
-                continue;
+            aux = rg;
+            while (aux < aux_end && *aux++);
+            if (aux == aux_end && aux[-1] != '\0') {
+                hts_log_warning("Unterminated RG:Z tag for read \"%s\"",
+                                bam_get_qname(b));
+                brg = NULL;
+                aux = rg - 3; // Tag will be stored verbatim
             } else {
-                // RG:Z tag will be stored verbatim
-                hts_log_warning("Missing @RG header for RG \"%s\"", rg);
+                brg = sam_hrecs_find_rg(fd->header->hrecs, rg);
+                if (brg) {
+                    if (CRAM_MAJOR_VERS(fd->version) >= 4)
+                        BLOCK_APPEND(td_b, "RG*", 3);
+                    continue;
+                } else {
+                    // RG:Z tag will be stored verbatim
+                    hts_log_warning("Missing @RG header for RG \"%s\"", rg);
+                    aux = rg - 3;
+                }
             }
         }