Add size parameter check in buffer mapAsync in wire server

This patch add the size parameter check in buffer mapAsync in dawn
wire server to make sure that it is not WGPU_WHOLE_MAP_SIZE. Together
with validation in mapAsync in dawn native, we can ensure that the
size parameter deserialized in wire server is a valid actual size.
When using default size with dawn wire, the actual size is computed
by wire client, and WGPU_WHOLE_MAP_SIZE shall never be passed to server.

Bug: chromium:1270819
Change-Id: Ic0fe52efed15860bcc519a3881f0f649f7455435
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/70260
Reviewed-by: Corentin Wallez <cwallez@chromium.org>
Reviewed-by: Austin Eng <enga@chromium.org>
Commit-Queue: Zhaoming Jiang <zhaoming.jiang@intel.com>

src/dawn_wire/server/ServerBuffer.cpp

@@ -74,8 +74,12 @@ namespace dawn_wire { namespace server {
         userdata->requestSerial = requestSerial;
         userdata->mode = mode;
 
-        if (offset64 > std::numeric_limits<size_t>::max() ||
+        // Make sure that the deserialized offset and size are no larger than
-            size64 > std::numeric_limits<size_t>::max()) {
+        // std::numeric_limits<size_t>::max() so that they are CPU-addressable, and size is not
+        // WGPU_WHOLE_MAP_SIZE, which is by definition std::numeric_limits<size_t>::max(). Since
+        // client does the default size computation, we should always have a valid actual size here
+        // in server. All other invalid actual size can be caught by dawn native side validation.
+        if (offset64 > std::numeric_limits<size_t>::max() || size64 >= WGPU_WHOLE_MAP_SIZE) {
             OnBufferMapAsyncCallback(WGPUBufferMapAsyncStatus_Error, userdata.get());
             return true;
         }