Avoid pointer underflow in CopyCharsUnsigned.

R=dcarney@chromium.org
BUG=v8:2493

Review URL: https://chromiumcodereview.appspot.com/11961012

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13398 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

include/v8.h

@@ -1135,9 +1135,9 @@ class V8EXPORT String : public Primitive {
                  int options = NO_OPTIONS) const;
   // One byte characters.
   int WriteOneByte(uint8_t* buffer,
-                            int start = 0,
-                            int length = -1,
-                            int options = NO_OPTIONS) const;
+                   int start = 0,
+                   int length = -1,
+                   int options = NO_OPTIONS) const;
   // UTF-8 encoded characters.
   int WriteUtf8(char* buffer,
                 int length = -1,

src/v8utils.h

@@ -249,7 +249,8 @@ void CopyCharsUnsigned(sinkchar* dest, const sourcechar* src, int chars) {
     }
     // Number of characters in a uintptr_t.
     static const int kStepSize = sizeof(uintptr_t) / sizeof(*dest);  // NOLINT
-    while (dest <= limit - kStepSize) {
+    ASSERT(dest + kStepSize > dest);  // Check for overflow.
+    while (dest + kStepSize <= limit) {
       *reinterpret_cast<uintptr_t*>(dest) =
           *reinterpret_cast<const uintptr_t*>(src);
       dest += kStepSize;

test/cctest/test-api.cc

@@ -6220,6 +6220,10 @@ THREADED_TEST(StringWrite) {
   CHECK_EQ(0, strcmp("abc", buf));
   CHECK_EQ(0, buf[3]);
   CHECK_EQ(0, strcmp("def", buf + 4));
+
+  CHECK_EQ(0, str->WriteAscii(NULL, 0, 0, String::NO_NULL_TERMINATION));
+  CHECK_EQ(0, str->WriteUtf8(NULL, 0, 0, String::NO_NULL_TERMINATION));
+  CHECK_EQ(0, str->Write(NULL, 0, 0, String::NO_NULL_TERMINATION));
 }
 
 
@@ -18144,4 +18148,5 @@ class ThreadInterruptTest {
 THREADED_TEST(SemaphoreInterruption) {
   ThreadInterruptTest().RunTest();
 }
+
 #endif  // WIN32