Fix a buffer overflow in blink::HarfBuzzShaper::resolveCandidateRuns()

Source/platform/fonts/shaping/HarfBuzzShaper.cpp

Index: Source/platform/fonts/shaping/HarfBuzzShaper.cpp
diff --git a/Source/platform/fonts/shaping/HarfBuzzShaper.cpp b/Source/platform/fonts/shaping/HarfBuzzShaper.cpp
index 87441d9949bf6605d59449f628701d2e0c2de1b8..a90b9252c8752960a9b220d2bf0cb1a36bc95377 100644
--- a/Source/platform/fonts/shaping/HarfBuzzShaper.cpp
+++ b/Source/platform/fonts/shaping/HarfBuzzShaper.cpp
@@ -702,7 +702,7 @@ static inline void resolveRunBasedOnScriptValue(Vector<CandidateRun>& runs,
 
 static inline bool resolveCandidateRuns(Vector<CandidateRun>& runs)
 {
-    UScriptCode scriptExtensions[8];
+    UScriptCode scriptExtensions[USCRIPT_CODE_LIMIT];
     UErrorCode errorCode = U_ZERO_ERROR;
     size_t length = runs.size();
     size_t nextResolvedRun = 0;
@@ -714,7 +714,8 @@ static inline bool resolveCandidateRuns(Vector<CandidateRun>& runs)
             run.script = i > 0 ? runs[i - 1].script : USCRIPT_COMMON;
 
         int extensionsLength = uscript_getScriptExtensions(run.character,
-            scriptExtensions, sizeof(scriptExtensions), &errorCode);
+            scriptExtensions, sizeof(scriptExtensions) / sizeof(scriptExtensions[0]),
+            &errorCode);
         if (U_FAILURE(errorCode))
             return false;