Add helper to validate JPEG decode subsampling factors

Source/platform/image-decoders/jpeg/JPEGImageDecoder.cpp

Index: Source/platform/image-decoders/jpeg/JPEGImageDecoder.cpp
diff --git a/Source/platform/image-decoders/jpeg/JPEGImageDecoder.cpp b/Source/platform/image-decoders/jpeg/JPEGImageDecoder.cpp
index 87923f6ef115839345b8e5b49ddfe3ad0c117ade..a244c936b78683a5cd049947106e37ce9377d05c 100644
--- a/Source/platform/image-decoders/jpeg/JPEGImageDecoder.cpp
+++ b/Source/platform/image-decoders/jpeg/JPEGImageDecoder.cpp
@@ -299,6 +299,21 @@ static yuv_subsampling yuvSubsampling(const jpeg_decompress_struct& info)
     return YUV_UNKNOWN;
 }
 
+bool validateSubsampling(const jpeg_decompress_struct* cinfo)
+{
+    ASSERT(cinfo->num_components);
+
+    jpeg_component_info* component = cinfo->comp_info;
+    for (int c = 0; c < cinfo->num_components; ++c, ++component) {
+        if (component->h_samp_factor == 3)
+            component->h_samp_factor = 1;
+        if (component->v_samp_factor == 3)
+            component->v_samp_factor = 1;
+    }
+
+    return true;
+}
+
 class JPEGImageReader {
     WTF_MAKE_FAST_ALLOCATED(JPEGImageReader);
 public:
@@ -396,6 +411,7 @@ public:
             return m_decoder->setFailed();
 
         J_COLOR_SPACE overrideColorSpace = JCS_UNKNOWN;
+
         switch (m_state) {
         case JPEG_HEADER:
             // Read file parameters with jpeg_read_header().
@@ -432,6 +448,9 @@ public:
                 return m_decoder->setFailed();
             }
 
+            if (!validateSubsampling(&m_info))
+                return m_decoder->setFailed();
+
             m_state = JPEG_START_DECOMPRESS;
 
             // We can fill in the size now that the header is available.