[wasm] Fix EnsureSpace in the ZoneBuffer of the wasm encoder.

BUG=chromium:647329 R=titzer@chromium.org TEST=unittest EncoderTest.Regression_647329 Review-Url: https://codereview.chromium.org/2355803002 Cr-Commit-Position: refs/heads/master@{#39556}

[wasm] Fix EnsureSpace in the ZoneBuffer of the wasm encoder.
BUG=chromium:647329 R=titzer@chromium.org TEST=unittest EncoderTest.Regression_647329 Review-Url: https://codereview.chromium.org/2355803002 Cr-Commit-Position: refs/heads/master@{#39556}
57d81937 · ahaas · Commit bot · b88d132f · 57d81937 · 57d81937
Commit 57d81937 authored Sep 20, 2016 by ahaas Committed by Commit bot Sep 20, 2016
Hide whitespace changes
Inline Side-by-side

Showing with 10 additions and 1 deletion

encoder.h src/wasm/encoder.h +2 -1

encoder-unittest.cc test/unittests/wasm/encoder-unittest.cc +8 -0

No files found.
--- a/src/wasm/encoder.h
+++ b/src/wasm/encoder.h
@@ -90,13 +90,14 @@ class ZoneBuffer : public ZoneObject {
  void EnsureSpace(size_t size) {
    if ((pos_ + size) > end_) {
-      size_t new_size = 4096 + (end_ - buffer_) * 3;
+      size_t new_size = 4096 + size + (end_ - buffer_) * 3;
      byte* new_buffer = reinterpret_cast<byte*>(zone_->New(new_size));
      memcpy(new_buffer, buffer_, (pos_ - buffer_));
      pos_ = new_buffer + (pos_ - buffer_);
      buffer_ = new_buffer;
      end_ = new_buffer + new_size;
    }
+    DCHECK(pos_ + size <= end_);
  }
  byte** pos_ptr() { return &pos_; }

--- a/test/unittests/wasm/encoder-unittest.cc
+++ b/test/unittests/wasm/encoder-unittest.cc
@@ -23,6 +23,14 @@ class EncoderTest : public TestWithZone {
  }
 };
+TEST_F(EncoderTest, Regression_647329) {
+  // Test crashed with asan.
+  ZoneBuffer buffer(zone());
+  const size_t kSize = ZoneBuffer::kInitialSize * 3 + 4096 + 100;
+  byte data[kSize];
+  buffer.write(data, kSize);
+}
 }  // namespace wasm
 }  // namespace internal
 }  // namespace v8