[VizHitTesting] Update HitTestQueryFuzzer to create valid FrameSinkId

The fuzzer may produce invalid FrameSinkId for hit test regions which
incorrectly breaks a DCHECK in HitTestQuery.

Bug: 1001552
Change-Id: I0207dc7c1594f847e8fd3801c121ff04cd938e13
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1796114Reviewed-by: kylechar <kylechar@chromium.org>
Commit-Queue: Yi Gu <yigu@chromium.org>
Cr-Commit-Position: refs/heads/master@{#696034}

components/viz/host/hit_test/hit_test_query_fuzzer.cc

@@ -22,8 +22,10 @@ void AddHitTestRegion(FuzzedDataProvider* fuzz,
   constexpr uint32_t kMaxDepthAllowed = 25;
   if (fuzz->remaining_bytes() < sizeof(viz::AggregatedHitTestRegion))
     return;
-  viz::FrameSinkId frame_sink_id(fuzz->ConsumeIntegral<uint32_t>(),
-                                 fuzz->ConsumeIntegral<uint32_t>());
+  viz::FrameSinkId frame_sink_id(fuzz->ConsumeIntegralInRange<uint32_t>(
+                                     1, std::numeric_limits<uint32_t>::max()),
+                                 fuzz->ConsumeIntegralInRange<uint32_t>(
+                                     1, std::numeric_limits<uint32_t>::max()));
   uint32_t flags = fuzz->ConsumeIntegral<uint32_t>();
   // The reasons' value is kNotAsyncHitTest if the flag's value is kHitTestAsk.
   uint32_t reasons = (flags & viz::HitTestRegionFlags::kHitTestAsk)