[wasm] Validate the length of strings before validating the string.

src/wasm/module-decoder.cc

Index: src/wasm/module-decoder.cc
diff --git a/src/wasm/module-decoder.cc b/src/wasm/module-decoder.cc
index 09b52a45c5b32da638a3adbe0bf0d75869e700e2..bb5d7345142ec7fa04f5a79ece2f9e3e66129e54 100644
--- a/src/wasm/module-decoder.cc
+++ b/src/wasm/module-decoder.cc
@@ -585,9 +585,13 @@ class ModuleDecoder : public Decoder {
   // the offset of the string, and the length as an out parameter.
   uint32_t consume_string(uint32_t* length, bool validate_utf8) {
     *length = consume_u32v("string length");
+    // Check if the string does not exceed module boundaries.
+    if (pc_ + *length >= end_) {

[titzer, 2016/09/06 09:02:33]

This can wrap around. There should be sufficient checks in consume_bytes(). Is
there any way to move the consume_bytes() up above the tracing?

[ahaas, 2016/09/06 09:22:12]

Done.

+      error(pc_, "invalid string length");
+    }
     uint32_t offset = pc_offset();
     TRACE("  +%u  %-20s: (%u bytes)\n", offset, "string", *length);
-    if (validate_utf8 && !unibrow::Utf8::Validate(pc_, *length)) {
+    if (ok() && validate_utf8 && !unibrow::Utf8::Validate(pc_, *length)) {
       error(pc_, "no valid UTF-8 string");
     }
     consume_bytes(*length);