[isolate] Increase allowed stack overflow for sanitizer builds

C++ frames can get quite big in sanitizer builds. In the linked bug it
was an ASan debug build, which overflowed the stack by more than 8kB
just from C++ frames (when entering the runtime, there was no overflow
yet).
Hence increase the allowed stack overflow a bit for sanitizer builds,
from 8kB to 32kB.

R=jkummerow@chromium.org

Bug: chromium:1236560
Change-Id: I119fdb859f7ab5e6a0a4174cf79f0a16baa39432
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3078359Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76142}

src/execution/isolate.cc

@@ -1399,7 +1399,13 @@ Object Isolate::StackOverflow() {
   // frames until we reach this method.
   // If this DCHECK fails, one of the frames on the stack should be augmented by
   // an additional stack check.
+#if defined(V8_USE_ADDRESS_SANITIZER) || defined(MEMORY_SANITIZER)
+  // Allow for a bit more overflow in sanitizer builds, because C++ frames take
+  // significantly more space there.
+  DCHECK_GE(GetCurrentStackPosition(), stack_guard()->real_climit() - 32 * KB);
+#else
   DCHECK_GE(GetCurrentStackPosition(), stack_guard()->real_climit() - 8 * KB);
+#endif
 
   if (FLAG_correctness_fuzzer_suppressions) {
     FATAL("Aborting on stack overflow");

test/mjsunit/regress/regress-1236560.js

+// Copyright 2021 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+let obj = {};
+let arr = new Uint8Array(3);
+function __f_0() {
+        arr[2] = obj;
+}
+obj.toString = __f_0;
+assertThrows(() => obj.toString(), RangeError);