Validate jump target before updating vm->int_funcs

Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>

vm/ubpf_vm.c

@@ -31,8 +31,8 @@
 #include <unistd.h>
 
 #define MAX_EXT_FUNCS 64
-#define SHIFT_MASK_32_BIT(X) ((X) & 0x1f)
-#define SHIFT_MASK_64_BIT(X) ((X) & 0x3f)
+#define SHIFT_MASK_32_BIT(X) ((X)&0x1f)
+#define SHIFT_MASK_64_BIT(X) ((X)&0x3f)
 
 static bool
 validate(const struct ubpf_vm* vm, const struct ebpf_inst* insts, uint32_t num_insts, char** errmsg);
@@ -65,16 +65,17 @@ ubpf_set_error_print(struct ubpf_vm* vm, int (*error_printf)(FILE* stream, const
 }
 
 static uint64_t
-ubpf_default_external_dispatcher(uint64_t arg1, uint64_t arg2, uint64_t arg3, uint64_t arg4, uint64_t arg5, unsigned int index, void* cookie)
+ubpf_default_external_dispatcher(
+    uint64_t arg1, uint64_t arg2, uint64_t arg3, uint64_t arg4, uint64_t arg5, unsigned int index, void* cookie)
 {
-    struct ubpf_vm *vm = (struct ubpf_vm*)cookie;
+    struct ubpf_vm* vm = (struct ubpf_vm*)cookie;
     return vm->ext_funcs[index](arg1, arg2, arg3, arg4, arg5);
 }
 
 static bool
 ubpf_default_external_validator(unsigned int index, void* cookie)
 {
-    struct ubpf_vm *vm = (struct ubpf_vm*)cookie;
+    struct ubpf_vm* vm = (struct ubpf_vm*)cookie;
     if (index < MAX_EXT_FUNCS) {
         return vm->ext_funcs[index] != NULL;
     }
@@ -137,7 +138,6 @@ as_external_function_t(void* f)
     return (external_function_t)f;
 };
 
-
 int
 ubpf_register(struct ubpf_vm* vm, unsigned int idx, const char* name, external_function_t fn)
 {
@@ -245,6 +245,10 @@ ubpf_load(struct ubpf_vm* vm, const void* code, uint32_t code_len, char** errmsg
          */
         if (source_inst[i].opcode == EBPF_OP_CALL && source_inst[i].src == 1) {
             uint32_t target = i + source_inst[i].imm + 1;
+            if (target >= vm->num_insts) {
+                *errmsg = ubpf_error("invalid call target %u", target);
+                return -1;
+            }
             vm->int_funcs[target] = true;
         }
         // Store instructions in the vm.