Cap image size when fuzzing image decoder

Bug: chromium:992979, chromium:1009074
Change-Id: I7c0a1e5a3bfcea05314db3ab57de518b7acaf5f3
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1855628
Auto-Submit: Kuang-che Wu <kcwu@chromium.org>
Reviewed-by: Leon Scroggins <scroggo@chromium.org>
Commit-Queue: Kuang-che Wu <kcwu@chromium.org>
Cr-Commit-Position: refs/heads/master@{#705602}

third_party/blink/renderer/platform/image-decoders/image_frame.cc

@@ -122,6 +122,10 @@ bool ImageFrame::AllocatePixelData(int new_width,
                                    sk_sp<SkColorSpace> color_space) {
   // AllocatePixelData() should only be called once.
   DCHECK(!Width() && !Height());
+#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+  if (new_width > 1000 || new_height > 1000)
+    return false;
+#endif
 
   SkImageInfo info = SkImageInfo::MakeN32(
       new_width, new_height,