[System.Private.Xml] Possible incorrect behavior in character counting ( maxCharsCount >= charsCount )

[dumprop]

Description

Hello! I decided to test System.Private.Xml module via fuzzing test.
After some time I found test case which fails Debug.Assert(maxCharsCount >= charsCount)

Reproduction Steps

Download latest .NET v6.0.36 and build it in Debug mode (enable asserts), make reference in test project.
Test's project code:

using SharpFuzz;
using System.Xml;

Fuzzer.Run(stream =>
    {
        try
        {
            using (var xml = XmlReader.Create(stream))
            {
                while (xml.Read()) { }
            }
        }
        catch (XmlException) { }
    }
);

corpus_file_for_xml_crash.txt

In result, value of maxCharsCount is 80 and charsCount is 81 - that produce a crash

Expected behavior

No any crash, as usual

Actual behavior

Debug.Assert(maxCharsCount >= charsCount) is failed because 80 >= 81 is false

Regression?

No response

Known Workarounds

No response

Configuration

.NET v6.0.36 from github, Debug build (enable asserts), Linux Ubuntu x64

Other information

No response

[dotnet-policy-service]

Tagging subscribers to this area: @dotnet/area-system-xml
See info in area-owners.md if you want to be subscribed.

[jeffhandley]

Assigned to @krwq for triage.

[tarekgh]

Copilot mistakenly tagged this issue in the PR #123805. No idea why he did that.