Fix code injection via unescaped doc comments in code generators

Sanitize documentation comments by escaping the block comment closing
sequence '*/' to '* /' before emitting them into generated source code.
This prevents a malicious .fbs schema from injecting arbitrary code into
generated Java, Kotlin, and C# files by prematurely terminating the
Javadoc/KDoc block comment.

The fix is applied to three locations:
- GenComment() in code_generators.cpp (used by Java and C# generators)
- GenerateComment() in idl_gen_kotlin.cpp
- GenerateComment() in idl_gen_kotlin_kmp.cpp

Author: YLChen-007

src/code_generators.cpp

@@ -212,7 +212,14 @@ void GenComment(const std::vector<std::string>& dc, std::string* code_ptr,
            ? config->content_line_prefix
            : "///");
   for (auto it = dc.begin(); it != dc.end(); ++it) {
-    code += line_prefix + *it + "\n";
+    std::string sanitized = *it;
+    // Sanitize comment content: escape block comment closing sequence
+    // to prevent code injection via premature comment termination.
+    for (size_t pos = sanitized.find("*/"); pos != std::string::npos;
+         pos = sanitized.find("*/", pos + 2)) {
+      sanitized.replace(pos, 2, "* /");
+    }
+    code += line_prefix + sanitized + "\n";
   }
   if (config != nullptr && config->last_line != nullptr) {
     code += std::string(prefix) + std::string(config->last_line) + "\n";

src/idl_gen_kotlin.cpp

@@ -1410,7 +1410,14 @@ class KotlinGenerator : public BaseGenerator {
              ? config->content_line_prefix
              : "///");
     for (auto it = dc.begin(); it != dc.end(); ++it) {
-      writer += line_prefix + *it;
+      std::string sanitized = *it;
+      // Sanitize comment content: escape block comment closing sequence
+      // to prevent code injection via premature comment termination.
+      for (size_t pos = sanitized.find("*/"); pos != std::string::npos;
+           pos = sanitized.find("*/", pos + 2)) {
+        sanitized.replace(pos, 2, "* /");
+      }
+      writer += line_prefix + sanitized;
     }
     if (config != nullptr && config->last_line != nullptr) {
       writer += std::string(config->last_line);

src/idl_gen_kotlin_kmp.cpp

@@ -1393,7 +1393,14 @@ class KotlinKMPGenerator : public BaseGenerator {
              ? config->content_line_prefix
              : "///");
     for (auto it = dc.begin(); it != dc.end(); ++it) {
-      writer += line_prefix + *it;
+      std::string sanitized = *it;
+      // Sanitize comment content: escape block comment closing sequence
+      // to prevent code injection via premature comment termination.
+      for (size_t pos = sanitized.find("*/"); pos != std::string::npos;
+           pos = sanitized.find("*/", pos + 2)) {
+        sanitized.replace(pos, 2, "* /");
+      }
+      writer += line_prefix + sanitized;
     }
     if (config != nullptr && config->last_line != nullptr) {
       writer += std::string(config->last_line);