history expansion with unterminated single-quoted string

[Grisha Levit]

./bash --norc -in <<<"'^"
bash-5.2$ '^
=================================================================
==94881==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x000105b02580 at pc 0x0001027422e4 bp 0x00016dcadd10 sp
0x00016dcadd08
READ of size 1 at 0x000105b02580 thread T0
    #0 0x1027422e0 in history_expand histexpand.c:1004
    #1 0x102464778 in pre_process_line bashhist.c:570

diff --git a/lib/readline/histexpand.c b/lib/readline/histexpand.c
index 38a49531..ab6f0830 100644
--- a/lib/readline/histexpand.c
+++ b/lib/readline/histexpand.c
@@ -1054,6 +1054,8 @@ history_expand (const char *hstring, char **output)
              flag = (i > 0 && string[i - 1] == '$');
              i++;
              hist_string_extract_single_quoted (string, &i, flag);
+              if (i >= l)
+                break;
            }
          else if (history_quotes_inhibit_expansion && string[i] == '\\')
            {