Fix double->int conversion in ParseJSON

The previous code was triggering undefined behaviour by casting a double
to an int without testing whether it actually fit within the limits of an int.
This was causing incorrect code to be emitted by recent versions of
Clang on ARM64.

Bug: 851415
Change-Id: Ie40ded6d11377f05c92713165441324f33ac6db3
Reviewed-on: https://chromium-review.googlesource.com/1096028Reviewed-by: Daniel Cheng <dcheng@chromium.org>
Commit-Queue: Ian Clelland <iclelland@chromium.org>
Cr-Commit-Position: refs/heads/master@{#566314}

third_party/blink/renderer/platform/json/json_parser.cc

@@ -4,6 +4,7 @@
 
 #include "third_party/blink/renderer/platform/json/json_parser.h"
 
+#include "base/numerics/safe_conversions.h"
 #include "third_party/blink/renderer/platform/decimal.h"
 #include "third_party/blink/renderer/platform/json/json_values.h"
 #include "third_party/blink/renderer/platform/wtf/text/string_builder.h"
@@ -483,9 +484,9 @@ Error BuildValue(Cursor<CharType>* cursor,
         *cursor = token_start;
         return Error::kSyntaxError;
       }
-      int number = static_cast<int>(value);
-      if (number == value)
-        *result = JSONBasicValue::Create(number);
+      if (base::IsValueInRangeForNumericType<int>(value) &&
+          static_cast<int>(value) == value)
+        *result = JSONBasicValue::Create(static_cast<int>(value));
       else
         *result = JSONBasicValue::Create(value);
       break;