[wasm] Only use the table maximum in allocation if it is non-zero.

R=ahaas@chromium.org
BUG=chromium:654231

Review-Url: https://chromiumcodereview.appspot.com/2433313002
Cr-Commit-Position: refs/heads/master@{#40458}

src/wasm/module-decoder.cc

@@ -31,6 +31,8 @@ namespace {
 const char* kNameString = "name";
 const size_t kNameStringLength = 4;
 
+static const uint32_t kMaxTableSize = 1 << 28;
+
 LocalType TypeOf(const WasmModule* module, const WasmInitExpr& expr) {
   switch (expr.kind) {
     case WasmInitExpr::kNone:
@@ -313,7 +315,7 @@ class ModuleDecoder : public Decoder {
                 {0, 0, std::vector<int32_t>(), true, false, SignatureMap()});
             expect_u8("element type", 0x20);
             WasmIndirectFunctionTable* table = &module->function_tables.back();
-            consume_resizable_limits("element count", "elements", kMaxUInt32,
+            consume_resizable_limits("element count", "elements", kMaxTableSize,
                                      &table->size, &table->max_size);
             break;
           }

src/wasm/wasm-module.cc

@@ -1042,7 +1042,7 @@ class WasmInstanceBuilder {
           factory->NewFixedArray(function_table_count);
       for (int index = 0; index < function_table_count; ++index) {
         WasmIndirectFunctionTable& table = module_->function_tables[index];
-        uint32_t size = table.max_size;
+        uint32_t size = table.max_size > 0 ? table.max_size : table.size;
         Handle<FixedArray> new_table = factory->NewFixedArray(size * 2);
         for (int i = 0; i < new_table->length(); ++i) {
           static const int kInvalidSigIndex = -1;