[wasm] Copy the signature when compiling an imported function.

The signature of an imported function is needed to compile a wrapper in
wasm to call the imported function. The signature is stored in a heap
object which is created when the wasm module is compiled. With this CL
we do not use a pointer to the signature in the heap object but instead
copy the signature and then use a pointer to the copy. A pointer into
a heap object causes problems when a GC is happening.

R=titzer@chromium.org, mtrofin@chromium.org

Review-Url: https://codereview.chromium.org/2124743002
Cr-Commit-Position: refs/heads/master@{#37527}

src/wasm/wasm-module.cc

@@ -648,15 +648,22 @@ bool CompileWrappersToImportedFunctions(Isolate* isolate,
           *thrower, isolate->factory(), ffi, index, module_name, function_name);
       if (function.is_null()) return false;
 
-      FunctionSig sig(
-          ret_count, param_count,
-          reinterpret_cast<const MachineRepresentation*>(sig_data->data()));
-
-      Handle<Code> code = compiler::CompileWasmToJSWrapper(
-          isolate, function.ToHandleChecked(), &sig, index, module_name,
-          function_name);
-
-      imports.push_back(code);
+      {
+        // Copy the signature to avoid a raw pointer into a heap object when
+        // GC can happen.
+        Zone zone(isolate->allocator());
+        MachineRepresentation* reps =
+            zone.NewArray<MachineRepresentation>(sig_data_size);
+        memcpy(reps, sig_data->data(),
+               sizeof(MachineRepresentation) * sig_data_size);
+        FunctionSig sig(ret_count, param_count, reps);
+
+        Handle<Code> code = compiler::CompileWasmToJSWrapper(
+            isolate, function.ToHandleChecked(), &sig, index, module_name,
+            function_name);
+
+        imports.push_back(code);
+      }
     }
   }
   return true;