[Backport] Security bug 431828026

Cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/v8/v8/+/6781180:
Merged: [arm64] Consider branch when skipping a veener pool

... in InstructionAccurateScope.

Bug: 431828026

(cherry picked from commit 53786ab8bc425bb0fa25c5ea5f8c5a3ee6ef2481)

Change-Id: I60416714d2b3b5f7876d5eb4bd6467898d3b9226
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/6781180
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/branch-heads/13.8@{#60}
Cr-Branched-From: 61ddd471ece346840bbebbb308dceb4b4ce31b28-refs/heads/13.8.258@{#1}
Cr-Branched-From: fdb5de2c741658e94944f2ec1218530e98601c23-refs/heads/main@{#100480}
Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/665029
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>

Author: victorgomes

chromium/v8/src/codegen/arm64/macro-assembler-arm64.h

@@ -2372,7 +2372,9 @@ class V8_NODISCARD InstructionAccurateScope {
 #endif
   {
     DCHECK_GT(count, 0);
-    masm_->CheckVeneerPool(false, true, count * kInstrSize);
+    // We include the branch instruction in the veneer distance margin if we
+    // need to emit a veneer pool.
+    masm_->CheckVeneerPool(false, true, (count + 1) * kInstrSize);
     masm_->StartBlockVeneerPool();
 #ifdef DEBUG
     masm_->bind(&start_);