snap: check J->pc is within its proto bytecode

(cherry-picked from commit 5c46f47)

This commit adds an assertion to ensure that the `pc` of the
snapshot being made is located within the current prototype.
Violation of this assertion's condition may lead to all kinds
of buggy behavior on restoration from that snapshot, depending
on what is located in memory at the address under `pc`.

NOTICE: This patch is only a part of the original commit,
and the other part is backported in the following commit. The
patch was split into two, so the test case becomes easier to
implement since it can now depend on this assertion instead
of memory layout.

Maxim Kokryashkin:
* added the description for the problem

Part of tarantool/tarantool#9145

Reviewed-by: Sergey Kaplun <[email protected]>
Reviewed-by: Sergey Bronnikov <[email protected]>
Signed-off-by: Igor Munkin <[email protected]>
(cherry picked from commit 2cb19f5)

Author: Mike Pall

src/lj_snap.c

@@ -115,6 +115,9 @@ static MSize snapshot_framelinks(jit_State *J, SnapEntry *map, uint8_t *topslot)
 #else
   MSize f = 0;
   map[f++] = SNAP_MKPC(J->pc);  /* The current PC is always the first entry. */
+  lj_assertJ(!J->pt ||
+	     (J->pc >= proto_bc(J->pt) &&
+	      J->pc < proto_bc(J->pt) + J->pt->sizebc), "bad snapshot PC");
 #endif
   while (frame > lim) {  /* Backwards traversal of all frames above base. */
     if (frame_islua(frame)) {