Avoid read past buffer end for empty source when checking for utf-8 signature

(cherry picked from commit aaf356ba9ff36fb68f493d70c1b47d98d4bb77fd)

compiler/scanner.pas

@@ -3561,7 +3561,8 @@ type
                  begin
                    c:=inputpointer^;
                    { eat utf-8 signature? }
-                   if (ord(inputpointer^)=$ef) and
+                   if (bufsize>2) and
+                     (ord(inputpointer^)=$ef) and
                      (ord((inputpointer+1)^)=$bb) and
                      (ord((inputpointer+2)^)=$bf) then
                      begin