imagebuildah.Executor/StageExecutor: check numeric --from= values

When we look up a stage that's referred to in a COPY --from argument,
treat the string as a stage number not only if it parses as one, as we
checked before, but now also require that the number correspond to one
of the stages that would be completed before the one into which the
content will be copied.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>

imagebuildah/executor.go

@@ -862,7 +862,7 @@ func (b *Executor) Build(ctx context.Context, stages imagebuilder.Stages) (image
 							logrus.Debugf("stage %d name: %q resolves to %q", stageIndex, stageName, baseWithArg)
 							stageName = baseWithArg
 							// If --from=<index> convert index to name
-							if index, err := strconv.Atoi(stageName); err == nil {
+							if index, err := strconv.Atoi(stageName); err == nil && index >= 0 && index < stageIndex {
 								stageName = stages[index].Name
 							}
 							// Check if selected base is not an additional

imagebuildah/stage_executor.go

@@ -467,7 +467,7 @@ func (s *StageExecutor) performCopy(excludes []string, copies ...imagebuilder.Co
 				// exists and if stage short_name matches any
 				// additionalContext replace stage with additional
 				// build context.
-				if index, err := strconv.Atoi(from); err == nil {
+				if index, err := strconv.Atoi(from); err == nil && index >= 0 && index < s.index {
 					from = s.stages[index].Name
 				}
 				if foundContext, ok := s.executor.additionalBuildContexts[from]; ok {
@@ -1395,7 +1395,7 @@ func (s *StageExecutor) Execute(ctx context.Context, base string) (imgID string,
 				// also account if the index is given instead
 				// of name so convert index in --from=<index>
 				// to name.
-				if index, err := strconv.Atoi(from); err == nil {
+				if index, err := strconv.Atoi(from); err == nil && index >= 0 && index < s.index {
 					from = s.stages[index].Name
 				}
 				// If additional buildContext contains this