[factory] Harden NewByteArray against negative length

Other array allocation methods in the factory already do the same anyway.

Bug: chromium:1003679
Change-Id: I05201dd5d124b530eb6b578abb1486e65d076cc4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1806683Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63893}

src/heap/factory.cc

@@ -1739,8 +1739,7 @@ Handle<Foreign> Factory::NewForeign(Address addr) {
 }
 
 Handle<ByteArray> Factory::NewByteArray(int length, AllocationType allocation) {
-  DCHECK_LE(0, length);
-  if (length > ByteArray::kMaxLength) {
+  if (length < 0 || length > ByteArray::kMaxLength) {
     isolate()->heap()->FatalProcessOutOfMemory("invalid array length");
   }
   int size = ByteArray::SizeFor(length);
@@ -1755,8 +1754,7 @@ Handle<ByteArray> Factory::NewByteArray(int length, AllocationType allocation) {
 Handle<BytecodeArray> Factory::NewBytecodeArray(
     int length, const byte* raw_bytecodes, int frame_size, int parameter_count,
     Handle<FixedArray> constant_pool) {
-  DCHECK_LE(0, length);
-  if (length > BytecodeArray::kMaxLength) {
+  if (length < 0 || length > BytecodeArray::kMaxLength) {
     isolate()->heap()->FatalProcessOutOfMemory("invalid array length");
   }
   // Bytecode array is AllocationType::kOld, so constant pool array should be