[ubsan] Fix integer overflow in compiler

Negating the maximum int32 failed in ubsan. Use
{base::NegateWithWraparound} to avoid UB.

R=jkummerow@chromium.org

Bug: chromium:980007
Change-Id: If52a3bb3158eb5b465e7bd29deaffc0b18660360
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1683993
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62470}

src/compiler/backend/x64/instruction-selector-x64.cc

@@ -898,7 +898,8 @@ void InstructionSelector::VisitInt32Sub(Node* node) {
       // Omit truncation and turn subtractions of constant values into immediate
       // "leal" instructions by negating the value.
       Emit(kX64Lea32 | AddressingModeField::encode(kMode_MRI),
-           g.DefineAsRegister(node), int64_input, g.TempImmediate(-imm));
+           g.DefineAsRegister(node), int64_input,
+           g.TempImmediate(base::NegateWithWraparound(imm)));
     }
     return;
   }

test/mjsunit/regress/wasm/regress-980007.js

@@ -0,0 +1,14 @@
+// Copyright 2019 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+load('test/mjsunit/wasm/wasm-module-builder.js');
+
+const builder = new WasmModuleBuilder();
+builder.addFunction(undefined, kSig_i_i).addBody([
+  kExprI64Const, 0x01,
+  kExprI32ConvertI64,
+  kExprI32Const, 0x80, 0x80, 0x80, 0x80, 0x78,
+  kExprI32Sub,
+]);
+builder.instantiate();