Chrome NewFixedDoubleArray Integer Overflow

Chrome: Integer overflow in NewFixedDoubleArray VULNERABILITY DETAILS https://cs.chromium.org/chromium/src/v8/src/heap/factory.cc?rcl=dd689541d3815d64b4b39f6a41603248c71aa00e&l=496 Handle Factory::NewFixedDoubleArrayint length, PretenureFlag pretenure DCHECKLE0, length; if length == 0 return...