vm: disallow negative offset in (*Context).Next()

Currently the only known reason this can happen is processing
ENDFINALLY opcode before the corresponding ENDTRY.

Signed-off-by: Evgeniy Stratonikov <evgeniy@nspcc.ru>

pkg/vm/context.go

@@ -95,6 +95,9 @@ func (c *Context) Next() (opcode.Opcode, []byte, error) {
 	var err error
 
 	c.ip = c.nextip
+	if c.ip < 0 {
+		return 0, nil, errors.New("invalid instruction offset")
+	}
 	if c.ip >= len(c.prog) {
 		return opcode.RET, nil, nil
 	}

pkg/vm/vm_test.go

@@ -1385,6 +1385,17 @@ func TestKEYS(t *testing.T) {
 	t.Run("WrongType", getTestFuncForVM(prog, nil, []stackitem.Item{}))
 }
 
+func TestTry_ENDFINALLY_before_ENDTRY(t *testing.T) {
+	prog := makeProgram(opcode.TRY, 0, 3, opcode.ENDFINALLY)
+	require.NoError(t, IsScriptCorrect(prog, nil))
+
+	v := load(prog)
+
+	var err error
+	require.NotPanics(t, func() { err = v.Run() })
+	require.Error(t, err)
+}
+
 func TestVALUESMap(t *testing.T) {
 	prog := makeProgram(opcode.VALUES)
 	vm := load(prog)