- Bug
- Resolution: Fixed
- P4
- 25
- b13
This is the [line](https://github.com/openjdk/jdk/blob/a87dd1a75f78cf872df49bea83ba48af8acfa2fd/src/hotspot/share/gc/shenandoah/shenandoahScanRemembered.cpp#L173) that I'm talking about below.
Given certain values for the variables in that expression, the result of the computation can be equal to `_rs->total_cards()`, which leads to a segmentation fault, for instance in `starts_object(card_at_end)`. The underlying problem is that the `_object_starts` array doesn't have a [guarding entry](https://github.com/openjdk/jdk/blob/a87dd1a75f78cf872df49bea83ba48af8acfa2fd/src/hotspot/share/gc/shenandoah/shenandoahCardTable.cpp#L37) at the end. The fix I propose is to adjust the allocation of `_object_starts` to include an additional entry at the end to account for this situation.
Sample input that causes the problem:
```
address = 0x7FFFFFFD8
length_in_words = 0x5
card_start_address = 0x7FFFFFE00
card_size_in_words = 0x40
card_at_start = 18874374
---
address + length_in_words => 0x08.00.00.00.00
(address + length_in_words) - card_start_address => 0x40
((address + length_in_words) - card_start_address) / card_size_in_words => 1
card_at_start + 1 => 18874368
---
card_at_end will be 18874368, total_cards() is 18874368
```
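The boundary case above, as an added example that is not HotSpot code: a small model of the card table with constructed heap values (heap start `0x1000`, 4 cards, an 8-word object ending exactly at the heap end) shows `card_at_end` landing on `total_cards`, and compares the original allocation with the proposed one-entry guard.

```cpp
// Added example, not HotSpot code: a small model of the Shenandoah card table
// showing how card_at_end for the last object in the heap equals total_cards(),
// and why one guard entry at the end of _object_starts avoids the bad read.
#include <cstddef>
#include <cstdint>
#include <vector>

constexpr size_t kCardSizeInWords = 0x40;  // addresses below are in HeapWords

struct CardTableModel {
  uintptr_t heap_start;                // word address where card 0 begins
  std::vector<uint8_t> object_starts;  // one entry per card (+1 guard if fixed)
  CardTableModel(uintptr_t start, size_t total_cards, bool with_guard)
      : heap_start(start), object_starts(total_cards + (with_guard ? 1 : 0), 0) {}
  size_t card_index(uintptr_t word_addr) const {
    return (word_addr - heap_start) / kCardSizeInWords;
  }
  // Same arithmetic as the reported expression: start card plus the number of
  // whole cards between that card's start and the object's end address.
  size_t card_at_end(uintptr_t address, size_t length_in_words) const {
    size_t card_at_start = card_index(address);
    uintptr_t card_start_address = heap_start + card_at_start * kCardSizeInWords;
    return card_at_start +
           ((address + length_in_words) - card_start_address) / kCardSizeInWords;
  }
  // Bounds check in place of the raw starts_object() read past the array end.
  bool starts_object_in_bounds(size_t card) const {
    return card < object_starts.size();
  }
};

// Constructed heap: 4 cards from word 0x1000, ending at 0x1100; the last object
// occupies the final 8 words, so it ends exactly at the heap end.
constexpr uintptr_t kHeapStart = 0x1000;
constexpr size_t kTotalCards = 4;
constexpr uintptr_t kLastObject = 0x10F8;
constexpr size_t kLastObjectLen = 8;

size_t sample_card_at_end() {  // evaluates to 4 == kTotalCards
  return CardTableModel(kHeapStart, kTotalCards, false)
      .card_at_end(kLastObject, kLastObjectLen);
}
bool unguarded_in_bounds() {   // original allocation: total_cards entries
  return CardTableModel(kHeapStart, kTotalCards, false)
      .starts_object_in_bounds(sample_card_at_end());
}
bool guarded_in_bounds() {     // proposed fix: one extra entry at the end
  return CardTableModel(kHeapStart, kTotalCards, true)
      .starts_object_in_bounds(sample_card_at_end());
}
```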
- links to
  - Commit(master) openjdk/jdk/38b4d46c
  - Review(master) openjdk/jdk/23882