Speculative fix for serializing shorthand crash.

There is no repro for this and I haven't been able to find a shorthand
that is not handled in shorthandForProperty(), or has a length > 17,
but if there is one, we might end up crashing in CommonShorthandChecks
since we both write to a stack array that has a fixed length of 17 and
we also access longhands[0] without checking if we have a non-zero
length.

Bug: 1026569
Change-Id: I86bc71947dbd663be9a96a73404f29b737f49266
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1939797Reviewed-by: Xiaocheng Hu <xiaochengh@chromium.org>
Commit-Queue: Rune Lillesveen <futhark@chromium.org>
Cr-Commit-Position: refs/heads/master@{#719908}

third_party/blink/renderer/core/css/style_property_serializer.cc

@@ -352,7 +352,11 @@ static bool AllowInitialInShorthand(CSSPropertyID property_id) {
 String StylePropertySerializer::CommonShorthandChecks(
     const StylePropertyShorthand& shorthand) const {
   int longhand_count = shorthand.length();
-  DCHECK_LE(longhand_count, 17);
+  if (!longhand_count || longhand_count > 17) {
+    NOTREACHED();
+    return g_empty_string;
+  }
+
   const CSSValue* longhands[17] = {};
 
   bool has_important = false;