[d8] ArrayBuffer size must be less than 2GB.

- Changes d8 ArrayBuffer::Allocators to restrict size to < 2GB on the
  Allocate/AllocateUninitialized paths. Reserve can still create larger
  ArrayBuffers.

Bug: chromium:793196
Change-Id: I662f8c681f715457d630df31039a1ea4d17cfafc
Reviewed-on: https://chromium-review.googlesource.com/817763
Commit-Queue: Bill Budge <bbudge@chromium.org>
Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49973}

src/d8.cc

@@ -83,7 +83,7 @@ class ArrayBufferAllocatorBase : public v8::ArrayBuffer::Allocator {
     size_t alloc_length = GetAllocLength(length);
     // TODO(titzer): allocations should fail if >= 2gb because array buffers
     // store their lengths as a SMI internally.
-    if (alloc_length > kTwoGB) return nullptr;
+    if (alloc_length >= kTwoGB) return nullptr;
 #if V8_OS_AIX && _LINUX_SOURCE_COMPAT
     // Work around for GCC bug on AIX
     // See: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=79839
@@ -99,7 +99,7 @@ class ArrayBufferAllocatorBase : public v8::ArrayBuffer::Allocator {
     size_t alloc_length = GetAllocLength(length);
     // TODO(titzer): allocations should fail if >= 2gb because array buffers
     // store their lengths as a SMI internally.
-    if (alloc_length > kTwoGB) return nullptr;
+    if (alloc_length >= kTwoGB) return nullptr;
 #if V8_OS_AIX && _LINUX_SOURCE_COMPAT
     // Work around for GCC bug on AIX
     // See: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=79839