blink: Fix DCHECK failure in image_decoder due to invalid image parsing

This CL fixes a DCHECK failure (exposed by ClusterFuzz) when
attempting to create an cc::ImageHeaderMetadata via
ImageDecoder::MakeMetadataForDecodeAcceleration when
DeferredImageDecoder::PrepareLazyDecodedFrames is executed for the first
time with an underlying invalid image.

Bug: 1014047
Change-Id: I027d0649a775fb854079cedaab6522397e537fb8
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1863376
Commit-Queue: Gil Dekel <gildekel@chromium.org>
Reviewed-by: Andres Calderon Jaramillo <andrescj@chromium.org>
Reviewed-by: Khushal <khushalsagar@chromium.org>
Cr-Commit-Position: refs/heads/master@{#707118}

third_party/blink/renderer/platform/graphics/deferred_image_decoder.cc

@@ -396,11 +396,18 @@ void DeferredImageDecoder::PrepareLazyDecodedFrames() {
   if (!metadata_decoder_ || !metadata_decoder_->IsSizeAvailable())
     return;
 
+  if (!image_metadata_)
+    image_metadata_ = metadata_decoder_->MakeMetadataForDecodeAcceleration();
+
   ActivateLazyDecoding();
 
   const size_t previous_size = frame_data_.size();
   frame_data_.resize(metadata_decoder_->FrameCount());
 
+  // The decoder may be invalidated during a FrameCount(). Simply bail if so.
+  if (metadata_decoder_->Failed())
+    return;
+
   // We have encountered a broken image file. Simply bail.
   if (frame_data_.size() < previous_size)
     return;
@@ -423,9 +430,6 @@ void DeferredImageDecoder::PrepareLazyDecodedFrames() {
       metadata_decoder_->CanDecodeToYUV() && all_data_received_ &&
       !frame_generator_->IsMultiFrame();
 
-  if (!image_metadata_)
-    image_metadata_ = metadata_decoder_->MakeMetadataForDecodeAcceleration();
-
   // If we've received all of the data, then we can reset the metadata decoder,
   // since everything we care about should now be stored in |frame_data_|.
   if (all_data_received_) {