Prevent signed integer overflow in pixel_shuffle size calculation

Summary:
The size calculation in `get_pixel_shuffle_out_target_size` can trigger signed integer overflow (UB) with very large upscale_factors. This manifested as an integer division by zero fault during fuzzing.

Specifically, the calculation of `upscale_factor * upscale_factor` ([source](https://github.com/pytorch/executorch/blob/04f1e4d22383ffcbc770acf5002348e3f95082a2/kernels/portable/cpu/util/copy_ops_util.cpp#L364)) can overflow. In the motivating case, SizesType is a signed 32-bit integer and upscale_factor = 2^17.

Since this is an impractically large upscale factor, I'm just adding a constraint that upscale_factor < 32768 (2^15). In theory, SizesType could be defined as less than 32 bits, but this seems unlikely in practice. I check this upper bound in `check_pixel_shuffle_args` and also assert in `get_pixel_shuffle_out_target_size` to ensure we don't hit UB.

Differential Revision: D88693324

Author: GregoryComer

kernels/portable/cpu/util/copy_ops_util.cpp

@@ -330,6 +330,8 @@ bool check_pixel_shuffle_args(
   ET_LOG_AND_RETURN_IF_FALSE(upscale_factor > 0);
   ET_LOG_AND_RETURN_IF_FALSE(
       in.size(in.dim() - 3) % (upscale_factor * upscale_factor) == 0);
+  ET_LOG_AND_RETURN_IF_FALSE(
+      upscale_factor < 32768); // Prevent overflow when computing upscale_factor ^ 2.
   return true;
 }
 
@@ -351,6 +353,10 @@ void get_pixel_shuffle_out_target_size(
     int64_t upscale_factor,
     executorch::aten::SizesType* out_sizes,
     size_t* out_ndim) {
+  // Prevent signed integer overflow when computing upscale_factor ^ 2.
+  // This constraint is checked in check_pixel_shuffle_args.
+  ET_CHECK(upscale_factor < 32768);
+
   *out_ndim = in.dim();
   const executorch::aten::SizesType casted_upscale_factor = upscale_factor;