Fix integer overflows in FuzzedDataProvider.

R=mmoroz@chromium.org,ochang@chromium.org

Bug: 909950
Change-Id: I00c7a8dcab631a8e4f7334847733c4a10a1376f0
Reviewed-on: https://chromium-review.googlesource.com/c/1354684Reviewed-by: Max Moroz <mmoroz@chromium.org>
Reviewed-by: Daniel Cheng <dcheng@chromium.org>
Reviewed-by: Oliver Chang <ochang@chromium.org>
Commit-Queue: Abhishek Arya <inferno@chromium.org>
Cr-Commit-Position: refs/heads/master@{#612296}

base/test/fuzzed_data_provider.h

@@ -87,7 +87,7 @@ class FuzzedDataProvider {
       abort();
 
     // Use the biggest type possible to hold the range and the result.
-    uint64_t range = max - min;
+    uint64_t range = static_cast<uint64_t>(max) - min;
     uint64_t result = 0;
     size_t offset = 0;
 
@@ -108,7 +108,7 @@ class FuzzedDataProvider {
     if (range != std::numeric_limits<decltype(range)>::max())
       result = result % (range + 1);
 
-    return min + static_cast<T>(result);
+    return static_cast<T>(min + result);
   }
 
   // Returns a std::string of length from 0 to |max_length|. When it runs out of