Skip fuzzing accessibility trees with too many nodes.

Clusterfuzz tries running this code with random inputs, and
we got a bug that one input made it time out - but the issue
was that the input was super large. It's not surprising that
it would time out if you give it enough nodes.

I set the limit at 500,000 nodes for release mode, which is larger
than any web page I've ever seen. For debug mode I set it at 50,000
nodes because larger than that can time out.

Bug: 944999
Change-Id: I50b57153876a65f92c5a88677bdffe64b8c7ae7f
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1574622Reviewed-by: Katie Dektar <katie@chromium.org>
Commit-Queue: Dominic Mazzoni <dmazzoni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#652364}

ui/accessibility/ax_tree_fuzzer.cc

@@ -26,6 +26,17 @@ extern "C" int LLVMFuzzerTestOneInput(const unsigned char* data, size_t size) {
     initial_state.nodes.push_back(node);
   }
 
+  // Don't test absurdly large trees, it might time out.
+#if defined(NDEBUG)
+  constexpr size_t kMaxNodes = 500000;
+#else
+  constexpr size_t kMaxNodes = 50000;
+#endif
+  if (initial_state.nodes.size() > kMaxNodes) {
+    LOG(WARNING) << "Skipping input because it's too large";
+    return 0;
+  }
+
   // Run with --v=1 to aid in debugging a specific crash.
   VLOG(1) << "Input accessibility tree:\n" << initial_state.ToString();