Possible error in lexer.go #97

@MAGeorg

Hi!
I checked my project, which has the go-jmespath library in its dependencies, with the SAST tool and found some problems in the go-jmespath code.

On line 389, SAST was triggered by a possible index out of range problem.

func (lexer *Lexer) consumeUnquotedIdentifier() token {
	// Consume runes until we reach the end of an unquoted
	// identifier.
	start := lexer.currentPos - lexer.lastWidth
	for {
		r := lexer.next()
		if r < 0 || r > 128 || identifierTrailingBits[uint64(r)/64]&(1<<(uint64(r)%64)) == 0 {
			lexer.back()
			break
		}
	}
	value := lexer.expression[start:lexer.currentPos]
	return token{
		tokenType: tUnquotedIdentifier,
		value:     value,
		position:  start,
		length:    lexer.currentPos - start,
	}
}

I found that when r = 128 a panic occurs:

package main

import "fmt"

func main() {
	var identifierTrailingBits = [2]uint64{287948901175001088, 576460745995190270}

	var r rune = 128
	if r < 0 || r > 128 || identifierTrailingBits[uint64(r)/64]&(1<<(uint64(r)%64)) == 0 {
		fmt.Println("yes")
	} else {
		fmt.Println("no")
	}
}

Result:

panic: runtime error: index out of range [2] with length 2
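
The off-by-one reported above, as an added example that is not part of the original issue or of the go-jmespath code base: it runs the quoted condition over a range of runes, records which values panic, and compares the result with a bounded variant. `checkAsReported`, `checkBounded` and `panickingRunes` are hypothetical names, and deriving a `>=` bound from the table length is an assumption about one way to close the gap, not the project's fix.

```go
package main

import "fmt"

// Table copied from the issue: bit r is set when ASCII rune r may continue
// an unquoted identifier (0-9, A-Z, _, a-z).
var identifierTrailingBits = [2]uint64{287948901175001088, 576460745995190270}

// checkAsReported runs the issue's condition; panicked is true if the lookup indexed out of range.
func checkAsReported(r rune) (ok, panicked bool) {
	defer func() {
		if recover() != nil {
			ok, panicked = false, true
		}
	}()
	if r < 0 || r > 128 || identifierTrailingBits[uint64(r)/64]&(1<<(uint64(r)%64)) == 0 {
		return false, false
	}
	return true, false
}

// checkBounded (hypothetical name) ties the upper bound to the table size,
// so the word index uint64(r)/64 can never equal len(identifierTrailingBits).
func checkBounded(r rune) bool {
	const limit = rune(len(identifierTrailingBits) * 64) // 128 for a [2]uint64
	if r < 0 || r >= limit {
		return false
	}
	return identifierTrailingBits[uint64(r)/64]&(1<<(uint64(r)%64)) != 0
}

// panickingRunes returns every rune in [lo, hi] for which the reported check
// panics, and fails loudly if the two checks disagree on any other rune.
func panickingRunes(lo, hi rune) []rune {
	var bad []rune
	for r := lo; r <= hi; r++ {
		ok, panicked := checkAsReported(r)
		if panicked {
			bad = append(bad, r)
		} else if ok != checkBounded(r) {
			panic(fmt.Sprintf("checks disagree at rune %d", r))
		}
	}
	return bad
}

func main() {
	fmt.Println("runes that panic:", panickingRunes(-1, 0x10FFFF))
}
```

Only rune 128 reaches the table with a word index of 2; every larger value is rejected by `r > 128` before the lookup, which is why the two checks agree everywhere else.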
