[dart/vm] fix potential buffer overrun in unicode utils Rationale: Found by libFuzzer, calling into Utf16::Encode should ensure sufficient output buffer is available since it accesses two uint16_t words. https://github.com/dart-lang/sdk/issues/36235 Change-Id: I14733b0b059f9d710e022b02d143e42c8b5f91e3 Reviewed-on: https://dart-review.googlesource.com/c/sdk/+/97042 Reviewed-by: Alexander Markov <alexmarkov@google.com> Commit-Queue: Aart Bik <ajcbik@google.com>

commit: 0a42e8e062d2a5c6795015c8d43780513228d726 [log] [tgz]
author: Aart Bik <ajcbik@google.com> Fri Mar 15 18:18:15 2019 +0000
committer: commit-bot@chromium.org <commit-bot@chromium.org> Fri Mar 15 18:18:15 2019 +0000
tree: 06d1af1754dceeff608ed225fc65faab5dbaf743
parent: 74a23b96b041bda212acd7da3fdcedf74bb398a9 [diff]
diff --git a/runtime/vm/unicode.cc b/runtime/vm/unicode.cc
index a3b4fb9..90379d1 100644
--- a/runtime/vm/unicode.cc
+++ b/runtime/vm/unicode.cc

@@ -344,6 +344,7 @@
       return false;  // Invalid input.
     }
     if (is_supplementary) {
+      if (j == (len - 1)) return false;  // Output overflow.
       Utf16::Encode(ch, &dst[j]);
       j = j + 1;
     } else {
commit	0a42e8e062d2a5c6795015c8d43780513228d726	[log] [tgz]
author	Aart Bik <ajcbik@google.com>	Fri Mar 15 18:18:15 2019 +0000
committer	commit-bot@chromium.org <commit-bot@chromium.org>	Fri Mar 15 18:18:15 2019 +0000
tree	06d1af1754dceeff608ed225fc65faab5dbaf743
parent	74a23b96b041bda212acd7da3fdcedf74bb398a9 [diff]