[mojo] Eliminate API hazard in mojo_base::BigBuffer

- Implements the move constructor and assignment operator to zero
  bytes_size_ and storage_type_. Otherwise clients checking for empty
  BigBuffers by examining the size() may try to use an empty
  BigBuffer (where data() == nullptr).

Bug: chromium:992991
Change-Id: I23c8d8db35de76762606ecd488cbebfe1ac42ae9
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1803136Reviewed-by: Ken Rockot <rockot@google.com>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#697329}

mojo/public/cpp/base/big_buffer.cc

@@ -81,7 +81,15 @@ constexpr size_t BigBuffer::kMaxInlineBytes;
 
 BigBuffer::BigBuffer() : storage_type_(StorageType::kBytes), bytes_size_(0) {}
 
-BigBuffer::BigBuffer(BigBuffer&& other) = default;
+BigBuffer::BigBuffer(BigBuffer&& other)
+    : storage_type_(other.storage_type_),
+      bytes_(std::move(other.bytes_)),
+      bytes_size_(other.bytes_size_),
+      shared_memory_(std::move(other.shared_memory_)) {
+  // Make sure |other| looks empty.
+  other.storage_type_ = StorageType::kInvalidBuffer;
+  other.bytes_size_ = 0;
+}
 
 BigBuffer::BigBuffer(base::span<const uint8_t> data) {
   *this = BigBufferView::ToBigBuffer(BigBufferView(data));
@@ -106,7 +114,16 @@ BigBuffer::BigBuffer(size_t size) {
 
 BigBuffer::~BigBuffer() = default;
 
-BigBuffer& BigBuffer::operator=(BigBuffer&& other) = default;
+BigBuffer& BigBuffer::operator=(BigBuffer&& other) {
+  storage_type_ = other.storage_type_;
+  bytes_ = std::move(other.bytes_);
+  bytes_size_ = other.bytes_size_;
+  shared_memory_ = std::move(other.shared_memory_);
+  // Make sure |other| looks empty.
+  other.storage_type_ = StorageType::kInvalidBuffer;
+  other.bytes_size_ = 0;
+  return *this;
+}
 
 uint8_t* BigBuffer::data() {
   return const_cast<uint8_t*>(const_cast<const BigBuffer*>(this)->data());