[runtime] Remove FATAL error in ConvertElementsWithCapacity

Bug: chromium:1206453
Change-Id: I808c8dd332e92835328e51515c4da812d3a3528c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2891830
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74525}

src/objects/elements.cc

@@ -811,23 +811,17 @@ class ElementsAccessorBase : public InternalElementsAccessor {
     Isolate* isolate = object->GetIsolate();
     Handle<FixedArrayBase> new_elements;
     // TODO(victorgomes): Retrieve native context in optimized code
-    // and remove the fatal errors.
+    // and remove the check isolate->context().is_null().
     if (IsDoubleElementsKind(kind())) {
-      if (capacity < 0 || capacity > FixedDoubleArray::kMaxLength) {
-        if (isolate->context().is_null()) {
-          FATAL("Fatal JavaScript invalid array length");
-          UNREACHABLE();
-        }
+      if (!isolate->context().is_null() &&
+          !base::IsInRange(capacity, 0, FixedDoubleArray::kMaxLength)) {
         return isolate->Throw<FixedArrayBase>(isolate->factory()->NewRangeError(
             MessageTemplate::kInvalidArrayLength));
       }
       new_elements = isolate->factory()->NewFixedDoubleArray(capacity);
     } else {
-      if (capacity < 0 || capacity > FixedArray::kMaxLength) {
-        if (isolate->context().is_null()) {
-          FATAL("Fatal JavaScript invalid array length");
-          UNREACHABLE();
-        }
+      if (!isolate->context().is_null() &&
+          !base::IsInRange(capacity, 0, FixedArray::kMaxLength)) {
         return isolate->Throw<FixedArrayBase>(isolate->factory()->NewRangeError(
             MessageTemplate::kInvalidArrayLength));
       }