Fixed more fuzzer issues

src/core/SkColorTable.cpp

Index: src/core/SkColorTable.cpp
diff --git a/src/core/SkColorTable.cpp b/src/core/SkColorTable.cpp
index c719defe869359af969b7f571ad6a2bb720cb566..12ec43ec98013f9e1f87510ff1714914572c8f52 100644
--- a/src/core/SkColorTable.cpp
+++ b/src/core/SkColorTable.cpp
@@ -90,8 +90,15 @@ SkColorTable::SkColorTable(SkFlattenableReadBuffer& buffer) {
 
     fAlphaType = SkToU8(buffer.readUInt());
     fCount = buffer.getArrayCount();
-    fColors = (SkPMColor*)sk_malloc_throw(fCount * sizeof(SkPMColor));
-    SkDEBUGCODE(bool success =) buffer.readColorArray(fColors, fCount);
+    size_t allocSize = fCount * sizeof(SkPMColor);
+    SkDEBUGCODE(bool success = false;)
+    if (buffer.validateAvailable(allocSize)) {

[Stephen White, 2013/12/18 00:01:14]

Not new to this patch, but I'm really starting to wonder if we should get rid of
these constructors, and replace them with factory functions that take an
SkFlattenableReadBuffer& instead. Then we could early-out and return NULL
whenever validation fails, and not worry about partially-initialized objects.

+        fColors = (SkPMColor*)sk_malloc_throw(allocSize);
+        SkDEBUGCODE(success =) buffer.readColorArray(fColors, fCount);
+    } else {
+        fCount = 0;
+        fColors = NULL;
+    }
 #ifdef SK_DEBUG
     SkASSERT((unsigned)fCount <= 256);
     SkASSERT(success);