Avoid trusting the length encoded in the Snapshot if there is an

runtime/vm/dart_api_message.cc

 // Copyright (c) 2012, the Dart project authors.  Please see the AUTHORS file
 // for details. All rights reserved. Use of this source code is governed by a
 // BSD-style license that can be found in the LICENSE file.
 
 #include "vm/dart_api_message.h"
 #include "vm/object.h"
 #include "vm/snapshot_ids.h"
 #include "vm/symbols.h"
 
 namespace dart {
 
 static const int kNumInitialReferences = 4;
 
-ApiMessageReader::ApiMessageReader(const uint8_t* buffer,
-                                   intptr_t length,
-                                   ReAlloc alloc)
-    : BaseReader(buffer, length),
+ApiMessageReader::ApiMessageReader(const Snapshot* snapshot, ReAlloc alloc)
+    : BaseReader(snapshot->content(), snapshot->length()),
       alloc_(alloc),
       backward_references_(kNumInitialReferences) {
   Init();
 }
 
 
 void ApiMessageReader::Init() {
   // Initialize marker objects used to handle Lists.
   // TODO(sjesse): Remove this when message serialization format is
   // updated.
@@ skipping 425 matching lines @@
 Dart_CObject* ApiMessageReader::GetBackRef(intptr_t id) {
   ASSERT(id >= kMaxPredefinedObjectIds);
   intptr_t index = (id - kMaxPredefinedObjectIds);
   if (index < backward_references_.length()) {
     return backward_references_[index]->reference();
   }
   return NULL;
 }
 
 
-void ApiMessageWriter::WriteMessage(intptr_t field_count, intptr_t *data) {
+intptr_t ApiMessageWriter::WriteMessage(intptr_t field_count, intptr_t *data) {
   // Write out the serialization header value for this object.
   WriteInlinedObjectHeader(kMaxPredefinedObjectIds);
 
   // Write out the class and tags information.
   WriteIndexedObject(kArrayCid);
   WriteIntptrValue(0);
 
   // Write out the length field.
   Write<RawObject*>(Smi::New(field_count));
 
   // Write out the type arguments.
   WriteNullObject();
 
   // Write out the individual Smis.
   for (int i = 0; i < field_count; i++) {
     Write<RawObject*>(Integer::New(data[i]));
   }
 
-  FinalizeBuffer();
+  return FinalizeBuffer();
 }
 
 
 void ApiMessageWriter::MarkCObject(Dart_CObject* object, intptr_t object_id) {
   // Mark the object as serialized by adding the object id to the
   // upper bits of the type field in the Dart_CObject structure. Add
   // an offset for making marking of object id 0 possible.
   ASSERT(!IsCObjectMarked(object));
   intptr_t mark_value = object_id + kDartCObjectMarkOffset;
   object->type = static_cast<Dart_CObject::Type>(
@@ skipping 273 matching lines @@
       WriteIntptrValue(reinterpret_cast<intptr_t>(peer));
       WriteIntptrValue(reinterpret_cast<intptr_t>(callback));
       break;
     }
     default:
       UNREACHABLE();
   }
 }
 
 
-void ApiMessageWriter::WriteCMessage(Dart_CObject* object) {
+intptr_t ApiMessageWriter::WriteCMessage(Dart_CObject* object) {
   WriteCObject(object);
   // Write out all objects that were added to the forward list and have
   // not been serialized yet. These would typically be fields of arrays.
   // NOTE: The forward list might grow as we process the list.
   for (intptr_t i = 0; i < forward_id_; i++) {
     WriteForwardedCObject(forward_list_[i]);
   }
   UnmarkAllCObjects(object);
-  FinalizeBuffer();
+  return FinalizeBuffer();
 }
 
 }  // namespace dart