LibJS: Add bounds check to Array.prototype.{find,findIndex}

The number of iterations is limited to the initial array size, but we
still need to check if the array did shrink since then before accessing
each element.

Fixes #1992.

Libraries/LibJS/Runtime/ArrayPrototype.cpp

@@ -441,6 +441,9 @@ Value ArrayPrototype::find(Interpreter& interpreter)
     auto array_size = array->elements().size();
 
     for (size_t i = 0; i < array_size; ++i) {
+        if (i >= array->elements().size())
+            break;
+
         auto value = array->elements().at(i);
         if (value.is_empty())
             continue;
@@ -475,6 +478,9 @@ Value ArrayPrototype::find_index(Interpreter& interpreter)
     auto array_size = array->elements().size();
 
     for (size_t i = 0; i < array_size; ++i) {
+        if (i >= array->elements().size())
+            break;
+
         auto value = array->elements().at(i);
         if (value.is_empty())
             continue;