[wasm] Validate the length of strings before validating the string.

BUG=chromium:644182
R=titzer@chromium.org
TEST=module-decoder-unittest.cc:ExportNameWithInvalidStringLength

Review-Url: https://codereview.chromium.org/2310023002
Cr-Commit-Position: refs/heads/master@{#39199}

src/wasm/module-decoder.cc

@@ -587,10 +587,13 @@ class ModuleDecoder : public Decoder {
     *length = consume_u32v("string length");
     uint32_t offset = pc_offset();
     TRACE("  +%u  %-20s: (%u bytes)\n", offset, "string", *length);
-    if (validate_utf8 && !unibrow::Utf8::Validate(pc_, *length)) {
+    const byte* string_start = pc_;
-      error(pc_, "no valid UTF-8 string");
+    // Consume bytes before validation to guarantee that the string is not oob.
-    }
     consume_bytes(*length);
+    if (ok() && validate_utf8 &&
+        !unibrow::Utf8::Validate(string_start, *length)) {
+      error(string_start, "no valid UTF-8 string");
+    }
     return offset;
   }
 

test/unittests/wasm/module-decoder-unittest.cc

@@ -1023,6 +1023,20 @@ TEST_F(WasmModuleVerifyTest, ExportTableOne) {
   if (result.val) delete result.val;
 }
 
+TEST_F(WasmModuleVerifyTest, ExportNameWithInvalidStringLength) {
+  static const byte data[] = {// signatures
+                              SIGNATURES_SECTION_VOID_VOID,
+                              ONE_EMPTY_FUNCTION,
+                              SECTION(EXPORT_TABLE, 12),
+                              1,                // exports
+                              FUNC_INDEX(0),    // --
+                              NAME_LENGTH(84),  // invalid string length
+                              'e',              // --
+                              ONE_EMPTY_BODY};
+
+  EXPECT_FAILURE(data);
+}
+
 TEST_F(WasmModuleVerifyTest, ExportTableTwo) {
   static const byte data[] = {// signatures
                               SIGNATURES_SECTION_VOID_VOID,