Commit 40e7ed23 authored by Emanuel Ziegler, committed by Commit Bot

[canvas] Check if array buffer has 32-bit compatible size

This CL replaces calls to deprecatedByteLengthAsUnsigned by calls to
byteLengthAsSizeT. If the byte length is larger, then a RangeError is
thrown to avoid problems in passing a wrongly cast size to the
underlying stack.

Background: we prepare ArrayBuffers to be bigger than 4GB. Therefore we
changed the size field to size_t. Now we are changing all uses of
ByteLength to be able to deal with size_t, either by accepting a size_t,
or by throwing an exception if the size is too big.

R=senorblanco@chromium.org

Bug: chromium:1008840
Change-Id: I72e04c879eb436cd224b7fb8a48d2bc022c4c5a2
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1964494
Reviewed-by: Fernando Serboncini <fserb@chromium.org>
Commit-Queue: Emanuel Ziegler <ecmziegler@chromium.org>
Cr-Commit-Position: refs/heads/master@{#729389}
parent ef435e8d
......@@ -1632,12 +1632,17 @@ ImageData* BaseRenderingContext2D::getImageData(
NotShared<DOMArrayBufferView>(array_buffer_view),
color_settings);
}
if (size_in_bytes > std::numeric_limits<unsigned int>::max()) {
exception_state.ThrowRangeError(
"Buffer size exceeds maximum heap object size.");
return nullptr;
}
DOMArrayBuffer* array_buffer = DOMArrayBuffer::Create(contents);
ImageData* imageData = ImageData::Create(
image_data_rect.Size(),
NotShared<DOMUint8ClampedArray>(DOMUint8ClampedArray::Create(
array_buffer, 0, array_buffer->DeprecatedByteLengthAsUnsigned())),
array_buffer, 0, static_cast<unsigned int>(size_in_bytes))),
color_settings);
if (!IsPaint2D()) {
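Review bot: the new range check compares size_in_bytes against std::numeric_limits<unsigned int>::max(), which is consistent with the static_cast<unsigned int>(size_in_bytes) that replaces DeprecatedByteLengthAsUnsigned() a few lines below, but the commit message describes this as a 32-bit compatibility check; consider spelling the limit as uint32_t, or as a named constant shared with the other call sites converted in this series, so the intent is explicit and the check and the cast cannot drift apart. Also note that the early return on RangeError happens after `contents` has been populated and before DOMArrayBuffer::Create(contents) consumes it; please confirm that `contents` releases its backing store on that path so a rejected oversized getImageData does not leak the allocation.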