Fix cluster-fuzz found regression in d8 when deserializing ArrayBuffer

BUG=503578
R=jarin@chromium.org
LOG=n

Review URL: https://codereview.chromium.org/1204753002

Cr-Commit-Position: refs/heads/master@{#29244}

src/d8.cc

@@ -2151,7 +2151,6 @@ MaybeLocal<Value> Shell::DeserializeValue(Isolate* isolate,
       for (int i = 0; i < length; ++i) {
         Local<Value> property_name;
         CHECK(DeserializeValue(isolate, data, offset).ToLocal(&property_name));
-        DCHECK(property_name->IsString());
         Local<Value> property_value;
         CHECK(DeserializeValue(isolate, data, offset).ToLocal(&property_value));
         object->Set(property_name, property_value);

test/mjsunit/regress/regress-crbug-503578.js

+// Copyright 2015 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+function __f_1() {
+  onmessage = function() {}
+}
+function __f_0(byteLength) {
+  var __v_1 = new ArrayBuffer(byteLength);
+  var __v_5 = new Uint32Array(__v_1);
+  return __v_5;
+}
+var __v_6 = new Worker(__f_1);
+var __v_3 = __f_0(16);
+__v_6.postMessage(__v_3);