utf8ToUtf16(): fix out-of-bounds write

Even Rouault requested to merge rouault/poppler:fix_utf8ToUtf16 into master

Fixes a regression introduced by the recent 9183da4f commit (CC @svuorela) which caused the following Valgrind error on the attached test.pdf:

$ valgrind utils/pdftoppm /tmp/test.pdf
==3735668== Memcheck, a memory error detector
==3735668== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==3735668== Using Valgrind-3.15.0 and LibVEX; rerun with -h for copyright info
==3735668== Command: utils/pdftoppm /tmp/test.pdf
==3735668==
Syntax Warning: May not be a PDF file (continuing anyway)
Syntax Error: Unterminated string
==3735668== Invalid write of size 2
==3735668==    at 0x4A3570C: utf8ToUtf16(char const*, unsigned short*, int, int) (poppler/UTF.cc:353)
==3735668==    by 0x4A3584C: utf8ToUtf16(char const*, int*) (poppler/UTF.cc:368)
==3735668==    by 0x4A358D4: utf8ToUtf16WithBom(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) (poppler/UTF.cc:379)
==3735668==    by 0x49F2C97: Lexer::getObj(int) (poppler/Lexer.cc:424)
==3735668==    by 0x4A035C2: Parser::Parser(XRef*, Stream*, bool) (poppler/Parser.cc:50)
==3735668==    by 0x49F888B: Linearization::Linearization(BaseStream*) (poppler/Linearization.cc:28)
==3735668==    by 0x4A06D8D: getLinearization (poppler/PDFDoc.cc:648)
==3735668==    by 0x4A06D8D: PDFDoc::isLinearized(bool) (poppler/PDFDoc.cc:700)
==3735668==    by 0x4A0518D: PDFDoc::getStartXRef(bool) (poppler/PDFDoc.cc:2003)
==3735668==    by 0x4A04BB8: PDFDoc::setup(std::optional<GooString> const&, std::optional<GooString> const&, std::function<void ()> const&) (poppler/PDFDoc.cc:246)
==3735668==    by 0x4A04AAB: PDFDoc::PDFDoc(std::unique_ptr<GooString, std::default_delete<GooString> >&&, std::optional<GooString> const&, std::optional<GooString> const&, void*, std::function<void ()> const&) (poppler/PDFDoc.cc:160)
==3735668==    by 0x49F93EA: LocalPDFDocBuilder::buildPDFDoc(GooString const&, std::optional<GooString> const&, std::optional<GooString> const&, void*) (poppler/LocalPDFDocBuilder.cc:0)
==3735668==    by 0x4A1FBB5: PDFDocFactory::createPDFDoc(GooString const&, std::optional<GooString> const&, std::optional<GooString> const&, void*) (poppler/PDFDocFactory.cc:62)
==3735668==  Address 0x669cf54 is 0 bytes after a block of size 148 alloc'd
==3735668==    at 0x483B7F3: malloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==3735668==    by 0x4A35815: gmalloc (goo/gmem.h:44)
==3735668==    by 0x4A35815: gmallocn (goo/gmem.h:121)
==3735668==    by 0x4A35815: utf8ToUtf16(char const*, int*) (poppler/UTF.cc:367)
==3735668==    by 0x4A358D4: utf8ToUtf16WithBom(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) (poppler/UTF.cc:379)
==3735668==    by 0x49F2C97: Lexer::getObj(int) (poppler/Lexer.cc:424)
==3735668==    by 0x4A035C2: Parser::Parser(XRef*, Stream*, bool) (poppler/Parser.cc:50)
==3735668==    by 0x49F888B: Linearization::Linearization(BaseStream*) (poppler/Linearization.cc:28)
==3735668==    by 0x4A06D8D: getLinearization (poppler/PDFDoc.cc:648)
==3735668==    by 0x4A06D8D: PDFDoc::isLinearized(bool) (poppler/PDFDoc.cc:700)
==3735668==    by 0x4A0518D: PDFDoc::getStartXRef(bool) (poppler/PDFDoc.cc:2003)
==3735668==    by 0x4A04BB8: PDFDoc::setup(std::optional<GooString> const&, std::optional<GooString> const&, std::function<void ()> const&) (poppler/PDFDoc.cc:246)
==3735668==    by 0x4A04AAB: PDFDoc::PDFDoc(std::unique_ptr<GooString, std::default_delete<GooString> >&&, std::optional<GooString> const&, std::optional<GooString> const&, void*, std::function<void ()> const&) (poppler/PDFDoc.cc:160)
==3735668==    by 0x49F93EA: LocalPDFDocBuilder::buildPDFDoc(GooString const&, std::optional<GooString> const&, std::optional<GooString> const&, void*) (poppler/LocalPDFDocBuilder.cc:0)
==3735668==    by 0x4A1FBB5: PDFDocFactory::createPDFDoc(GooString const&, std::optional<GooString> const&, std::optional<GooString> const&, void*) (poppler/PDFDocFactory.cc:62)

Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=59840
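As an added example (not poppler's code, and not the fix in this merge request, whose root cause is not shown on this page): a UTF-8 to UTF-16 converter in which the length pass and the write pass share one decoder and the write loop is bounds-checked, so any disagreement between the two on malformed input surfaces as an exception instead of the "Invalid write of size 2 ... 0 bytes after a block" that Valgrind reports above. The function names and the U+FFFD replacement policy for bad bytes are assumptions of this example.

```cpp
#include <cstddef>
#include <cstdint>
#include <stdexcept>
#include <string>
#include <vector>

// Decode the scalar value starting at in[i] and advance i. A truncated,
// overlong or otherwise invalid sequence consumes exactly one byte and
// yields U+FFFD (replacement policy assumed here). Both passes below call
// this one function, so they cannot disagree about how much output is needed.
uint32_t decodeOne(const std::string &in, size_t &i) {
    const unsigned char c = static_cast<unsigned char>(in[i]);
    const int len = c < 0x80 ? 1 : (c & 0xE0) == 0xC0 ? 2 : (c & 0xF0) == 0xE0 ? 3 : (c & 0xF8) == 0xF0 ? 4 : 0;
    if (len == 0 || i + len > in.size()) { ++i; return 0xFFFD; }
    uint32_t cp = (len == 1) ? c : (c & (0x7Fu >> len));
    for (int k = 1; k < len; ++k) {
        const unsigned char t = static_cast<unsigned char>(in[i + k]);
        if ((t & 0xC0) != 0x80) { ++i; return 0xFFFD; }
        cp = (cp << 6) | (t & 0x3F);
    }
    i += len;
    static const uint32_t minByLen[5] = {0, 0, 0x80, 0x800, 0x10000};
    const bool bad = cp < minByLen[len] || cp > 0x10FFFF || (cp >= 0xD800 && cp <= 0xDFFF);
    return bad ? 0xFFFD : cp;
}

// Pass 1: count the UTF-16 code units needed (supplementary planes take two).
size_t utf16Length(const std::string &in) {
    size_t n = 0;
    for (size_t i = 0; i < in.size();) n += decodeOne(in, i) >= 0x10000 ? 2 : 1;
    return n;
}

// Pass 2: write into a buffer sized by pass 1 and refuse to write past it.
// Two passes that drift apart on malformed input are exactly the shape of
// bug behind an "Invalid write ... 0 bytes after a block" report; here
// such a drift raises instead of corrupting the heap.
std::vector<uint16_t> utf8ToUtf16(const std::string &in) {
    std::vector<uint16_t> out(utf16Length(in) + 1, 0); // +1 for the NUL terminator
    size_t w = 0;
    for (size_t i = 0; i < in.size();) {
        uint32_t cp = decodeOne(in, i);
        const size_t need = cp >= 0x10000 ? 2 : 1;
        if (w + need >= out.size()) throw std::length_error("size pass and write pass disagree");
        if (need == 2) { cp -= 0x10000; out[w++] = 0xD800 | (cp >> 10); out[w++] = 0xDC00 | (cp & 0x3FF); }
        else out[w++] = static_cast<uint16_t>(cp);
    }
    return out; // out.back() == 0 is the terminator
}
```

The inputs worth exercising are the ones a fuzzer finds first: a multi-byte sequence cut off at the end of the string, a stray continuation byte, and an overlong encoding, each of which must cost the same number of output units in both passes.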