[wasm] Fix serialization of empty modules.

This fixes a corner-case in the {NativeModuleSerializer} with modules
that do not contain any functions in the code table.

R=ahaas@chromium.org
TEST=mjsunit/regress/wasm/regress-801850
BUG=chromium:801850

Change-Id: I30cc3a26f30d8653fba2d7b99715830d12300ac2
Reviewed-on: https://chromium-review.googlesource.com/866773
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50581}

src/wasm/wasm-serialization.cc

@@ -472,15 +472,20 @@ size_t NativeModuleSerializer::Write(Vector<byte> dest) {
         dest = dest + DrainBuffer(dest);
         if (remaining_.size() == 0) {
           index_ = native_module_->num_imported_functions();
-          BufferCurrentWasmCode();
-          state_ = CodeSection;
+          if (index_ < native_module_->FunctionCount()) {
+            BufferCurrentWasmCode();
+            state_ = CodeSection;
+          } else {
+            state_ = Done;
+          }
         }
         break;
       }
       case CodeSection: {
         dest = dest + DrainBuffer(dest);
         if (remaining_.size() == 0) {
-          if (++index_ < native_module_->FunctionCount()) {
+          ++index_;  // Move to next code object.
+          if (index_ < native_module_->FunctionCount()) {
             BufferCurrentWasmCode();
           } else {
             state_ = Done;

test/mjsunit/regress/wasm/regress-801850.js

@@ -0,0 +1,11 @@
+// Copyright 2018 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+load('test/mjsunit/wasm/wasm-constants.js');
+load('test/mjsunit/wasm/wasm-module-builder.js');
+
+var builder = new WasmModuleBuilder();
+let module = new WebAssembly.Module(builder.toBuffer());
+var worker = new Worker('onmessage = function() {};');
+worker.postMessage(module)