Fix severe bug when branching with a negative offset

This bug is essentially due to a buffer overflow, in fact we were shifting a byte to the left by 8 bits.

Author: danieledapo

gork/zmachine.go

@@ -121,25 +121,25 @@ func (zm *ZMachine) Branch(conditionOk bool) {
 branchOnTrue := (info >> 7) != 0x00
 
 // offset is relative to current PC and it can be negative
-var offset int16
+var offset int32
 
 // if bit #6 is set than the offset is stored in the bottom
 // 6 bits
 if info&0x40 != 0x00 {
-offset = int16(info & 0x3F)
+offset = int32(info & 0x3F)
 } else {
 // if bit #6 is clear than the offset is store in a 14 bit signed
 // integer composed by the bottom 5 bits of info and 8 bits of an
 // additional byte
-firstPart := info & 0x3F
+firstPart := uint16(info & 0x3F)
 
 // if sign bit(#6) is set then it's a negative number
 // in two complement form, so set the bits #6 and #7 too
 if firstPart&0x20 != 0x00 {
 firstPart |= 0x3 << 6
 }
 
-offset = int16(firstPart<<8) | int16(zm.seq.ReadByte())
+offset = int32(int16(firstPart<<8) | int16(zm.seq.ReadByte()))
 }
 
 // jump if conditionOk and branchOnTrue are both true or false
@@ -158,7 +158,7 @@ func (zm *ZMachine) Branch(conditionOk bool) {
 }
 }
 
-func (zm *ZMachine) CalcJumpAddress(offset int16) uint32 {
+func (zm *ZMachine) CalcJumpAddress(offset int32) uint32 {
 // Address after branch data + Offset - 2
 return uint32(int64(zm.seq.pos) + int64(offset) - 2)
 }

gork/zoptable.go

@@ -153,7 +153,7 @@ func ZJump(zm *ZMachine, offset uint16) {
 // this is not a branch instruction
 // jumping to an instruction in a different routine is permitted,
 // but the standard consider it bad practice :)
-zm.seq.pos = zm.CalcJumpAddress(int16(offset))
+zm.seq.pos = zm.CalcJumpAddress(int32(int16(offset)))
 }
 
 func ZPrint(zm *ZMachine) {