Commit 0b2edc40 authored by jgruber, committed by Commit Bot

[fuzzers] Support parsing failures in regexp-builtins fuzzer

The fuzzer found a couple of cases that exploited comments of the
form:

  function test() {
    const re = /*.../;
    const str = '...*/...';
    let result;
    try { result = re.exec(str); } catch (e) { /* ... */ }
  }

Note that the first line does not contain a regexp literal; it starts
a comment instead. The second line terminates the comment.

This fixes detection of such cases by initializing `result` to null.

TBR=yangguo@chromium.org

Bug: chromium:805970
Change-Id: I5d46db9892e2b4e71cdc2907cebf07a2e33b7a0e
Reviewed-on: https://chromium-review.googlesource.com/894403
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50991}
parent 8361fa58
......@@ -296,7 +296,7 @@ std::string GenerateSourceString(FuzzerArgs* args, const std::string& test) {
<< flags << ";\n"
<< " re.lastIndex = " << last_index << ";\n"
<< " const str = '" << subject << "';\n"
<< " let result;\n"
<< " let result = null;\n"
<< " let exception = null;\n"
<< " try {\n"
<< " result = " << test << "\n"
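Review bot: The reason for the `= null` initialization on the `<< " let result = null;\n"` line is not visible in the generated source; a short C++ comment above it, noting that a pattern emitted as `/*...` turns the following lines into a block comment so `result` would otherwise never be assigned and the harness could not detect the case (as the commit message describes), would help the next reader. Initializing to null is consistent with the adjacent `<< " let exception = null;\n"` line.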