Address code review feedback: fix documentation and add overflow checks

Co-authored-by: Alan-Jowett <20480683+Alan-Jowett@users.noreply.github.com>

Author: Copilot

custom_tests/descrs/ubpf_test_large_program.md

@@ -1,17 +1,16 @@
 # Large Program Test
 
-This test validates that programs with more than 65,536 instructions can be loaded and executed correctly when `ubpf_set_max_instructions()` is used to increase the limit.
+This test validates that programs with more than 65,536 instructions can be loaded correctly when `ubpf_set_max_instructions()` is used to increase the limit.
 
 The test performs the following:
 1. Creates a VM and sets max_instructions to 100,000
-2. Generates a program with 70,000 instructions (NOP-like JA instructions with offset 0) plus an EXIT
+2. Generates a program with 66,000 instructions (NOP-like JA instructions with offset 0) plus an EXIT
 3. Loads the program into the VM
-4. Executes the program via interpreter
-5. JIT compiles and executes the program
-6. Verifies both return the same result
 
 This validates that:
 - The type change from uint16_t to uint32_t for num_insts works correctly
 - Programs beyond the old 65,536 limit can be loaded
-- The validation and execution paths handle large instruction counts
-- The JIT compiler can handle large programs
+- The validation path handles large instruction counts correctly
+
+Note: The test skips interpreter and JIT execution to keep test runtime reasonable.
+Large programs with many sequential NOPs would take prohibitively long to execute.

custom_tests/descrs/ubpf_test_max_insts_api.md

@@ -2,13 +2,13 @@
 
 This test validates the boundary conditions and API for configurable instruction limits:
 
-1. Test that exactly 65,536 instructions work with default settings
-2. Test that 65,537 instructions fail with default settings
+1. Test that 65,535 instructions (just under the default limit) load successfully
+2. Test that 65,536 instructions (at the default limit) fail to load
 3. Test that ubpf_set_max_instructions() works correctly
 4. Test that ubpf_set_max_instructions() fails if code is already loaded
 5. Test setting a lower limit than default
 
 This ensures:
-- The old default limit of 65,536 is preserved for backward compatibility
+- The default limit of 65,536 is preserved for backward compatibility
 - The API correctly validates and enforces limits
 - Programs at the boundary behave as expected

custom_tests/srcs/ubpf_test_max_insts_api.cc

@@ -43,9 +43,9 @@ main(int argc, char** argv)
     (void)argc;
     (void)argv;
 
-    // Test 1: Exactly 65,536 instructions should work with default settings (just under the limit)
+    // Test 1: 65,535 instructions (just under default limit) should work
     {
-        std::cout << "Test 1: Loading 65,535 instructions with default limit..." << std::endl;
+        std::cout << "Test 1: Loading 65,535 instructions (just under default limit)..." << std::endl;
         std::unique_ptr<ubpf_vm, decltype(&ubpf_destroy)> vm(ubpf_create(), ubpf_destroy);
         auto program = generate_program(65535);
 
@@ -60,9 +60,9 @@ main(int argc, char** argv)
         std::cout << "Test 1 PASSED" << std::endl;
     }
 
-    // Test 2: 65,536 or more instructions should fail with default settings
+    // Test 2: 65,536 instructions (at default limit) should fail
     {
-        std::cout << "Test 2: Loading 65,536 instructions with default limit (should fail)..." << std::endl;
+        std::cout << "Test 2: Loading 65,536 instructions (at default limit - should fail)..." << std::endl;
         std::unique_ptr<ubpf_vm, decltype(&ubpf_destroy)> vm(ubpf_create(), ubpf_destroy);
         auto program = generate_program(65536);
 

vm/ubpf_jit_support.c

@@ -87,8 +87,19 @@ initialize_jit_state_result(
     // - Dispatcher loads
     // - Other JIT-generated relocations
     // Conservative estimate: 2x the instruction count + some fixed overhead
+    // Check for overflow: ensure vm->num_insts <= (UINT32_MAX - 64) / 2
+    if (vm->num_insts > (UINT32_MAX - 64) / 2) {
+        *errmsg = ubpf_error("Program too large for JIT compilation");
+        return -1;
+    }
     uint32_t array_size = vm->num_insts * 2 + 64;
 
+    // Check for overflow in pc_locs allocation (vm->num_insts + 1)
+    if (vm->num_insts == UINT32_MAX) {
+        *errmsg = ubpf_error("Program too large for JIT compilation");
+        return -1;
+    }
+    
     state->max_insts = array_size;
     state->pc_locs = calloc(vm->num_insts + 1, sizeof(state->pc_locs[0]));
     state->jumps = calloc(array_size, sizeof(state->jumps[0]));