[wasm][fuzzer] Avoid huge arrays in the fuzzer

Apply a "modulo" (i32.rem_s) operator to the array size before
allocating the array. The unbounded array allocations frequently lead to
out-of-memory crashes in the fuzzer.

R=manoskouk@chromium.org

Bug: chromium:1238063, chromium:1258319
Change-Id: Ie344f783323294c711d75b6e004ff2dca4da5923
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3256548
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77657}

test/fuzzer/wasm-compile.cc

@@ -40,6 +40,7 @@ constexpr int kMaxReturns = 15;
 constexpr int kMaxExceptions = 4;
 constexpr int kMaxTableSize = 32;
 constexpr int kMaxTables = 4;
+constexpr int kMaxArraySize = 20;
 
 class DataRange {
   base::Vector<const uint8_t> data_;
@@ -855,6 +856,8 @@ class WasmGenerator {
     } else if (builder_->builder()->IsArrayType(index)) {
       if (new_default) {
         Generate(kWasmI32, data);
+        builder_->EmitI32Const(kMaxArraySize);
+        builder_->Emit(kExprI32RemS);
         builder_->EmitWithPrefix(kExprRttCanon);
         builder_->EmitU32V(index);
         builder_->EmitWithPrefix(kExprArrayNewDefaultWithRtt);
@@ -864,6 +867,8 @@ class WasmGenerator {
             builder_->builder()->GetArrayType(index)->element_type().Unpacked(),
             data);
         Generate(kWasmI32, data);
+        builder_->EmitI32Const(kMaxArraySize);
+        builder_->Emit(kExprI32RemS);
         builder_->EmitWithPrefix(kExprRttCanon);
         builder_->EmitU32V(index);
         builder_->EmitWithPrefix(kExprArrayNewWithRtt);