A different but easier take would be to have an array of function pointers plus a function pointer to
f() next to each other in memory, e.g. as local variables in main. Fill the array with pointers to g(), writing out-of-bounds by 1 (above or below, depending on the implementation), which should overwrite the pointer to f(). Calling the function that pointer points to should then call g().