fwsGonzo / libriscv

The fastest RISC-V sandbox
BSD 3-Clause "New" or "Revised" License

Crash detected after ~5mins of fuzzing #99

Closed fwsGonzo closed 8 months ago

fwsGonzo commented 8 months ago

I extracted the payload, and I can replicate it in a new regression test.

10: Test 4
10: Verify branch at 0x2104
10: Creating branch at 0x2104
10: Detected branch bytecode at 0x29AE
10: Branch 0x21FA >= 0x1950 (decoder=0x5290000168b8)
10: /home/gonzo/github/libriscv/lib/libriscv/bytecode_impl.cpp:119:3: runtime error: addition of unsigned offset to 0x5290000168b8 overflowed to 0x529000014610
10: SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /home/gonzo/github/libriscv/lib/libriscv/bytecode_impl.cpp:119:3 in 
10: =================================================================
10: ==2061395==ERROR: AddressSanitizer: heap-use-after-free on address 0x529000012742 at pc 0x55df84be5bd9 bp 0x7ffdbf6e1510 sp 0x7ffdbf6e1508
10: READ of size 2 at 0x529000012742 thread T0
10:     #0 0x55df84be5bd8 in riscv::DecoderData<8>::block_bytes() const /home/gonzo/github/libriscv/lib/libriscv/decoder_cache.hpp:56:10
10:     #1 0x55df84be5bd8 in riscv::CPU<8>::simulate_bytecode(unsigned long) /home/gonzo/github/libriscv/lib/libriscv/bytecode_impl.cpp:119:3

So far I have no idea what the cause is. The branching seems to be OK within the segment. With debug-stepping enabled it's just looping until it hits max instructions (what WASM calls gas). Still investigating.

fwsGonzo commented 8 months ago

It turns out that blocks were limited to 255 instructions before they restarted with C-extension enabled. Yes, it really does add a ton of complexity to simulation. I hate it. Anyway, fixed now with a new bytecode that restarts the block sequence, keeping PC properly in sync.
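Added illustration of the bug class described above; this is a constructed model, not libriscv's own decoder code. It assumes a hypothetical `Entry` whose per-block instruction count is an 8-bit field, so a straight-line run of more than 255 instructions either has its count truncated (the simulator then lands mid-block and spins at one PC, as in the first comment) or is split into blocks of at most 255 so PC and decoder stay in step.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Constructed model, not libriscv's code: the first entry of a block stores how
// many instructions the block holds, in 8 bits, so a block can cover at most 255.
struct Entry {
    uint8_t instrs_in_block = 0; // non-zero only on the first entry of a block
    uint8_t len = 0;             // 2 for a compressed (C-extension) instruction, 4 otherwise
};

// Builds the decoder cache for a run of instructions with byte lengths `lens`.
// With `split` false the count is simply truncated to 8 bits (the bug class);
// with `split` true a new block is started every 255 instructions (the fix).
static std::vector<Entry> build_cache(const std::vector<uint8_t>& lens, bool split) {
    std::vector<Entry> cache(lens.size());
    size_t start = 0;
    while (start < lens.size()) {
        size_t n = lens.size() - start;
        if (split && n > 255) n = 255;
        cache[start].instrs_in_block = static_cast<uint8_t>(n); // truncates when !split
        for (size_t i = start; i < start + n; ++i) cache[i].len = lens[i];
        start += n;
    }
    return cache;
}

// Byte length of the block starting at `idx`: what the simulator adds to PC.
static size_t block_bytes(const std::vector<Entry>& cache, size_t idx) {
    size_t bytes = 0;
    for (size_t n = cache[idx].instrs_in_block; n > 0; --n, ++idx) bytes += cache[idx].len;
    return bytes;
}

// Follows block after block from index 0 and returns the total bytes advanced,
// or SIZE_MAX if the walk lands on an entry that is not a block start: there
// the block length is 0, so PC would never move (the "looping until max
// instructions" symptom from the first comment).
static size_t walk_bytes(const std::vector<Entry>& cache) {
    size_t idx = 0, total = 0;
    while (idx < cache.size()) {
        size_t n = cache[idx].instrs_in_block;
        if (n == 0) return SIZE_MAX; // stuck mid-block: count was truncated
        total += block_bytes(cache, idx);
        idx += n;
    }
    return total;
}
```

With 300 compressed (2-byte) instructions the truncated count becomes 44, the walk stops after 88 bytes on a non-block entry, while the split cache yields blocks of 255 and 45 and advances the full 600 bytes.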

fwsGonzo commented 8 months ago

Confirmed with fuzzing.