
LibGfx/WOFF2: Reject fonts with a compressed size larger than 10MiB

This prevents a potential OOM condition when the header is malformed.
Tim Ledbetter 1 rok temu
rodzic
commit
e9be1bcd09

+ 13 - 0
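--- a/Tests/LibGfx/TestWOFF2.cpp
+++ b/Tests/LibGfx/TestWOFF2.cpp
@@ -20,3 +20,16 @@ TEST_CASE(tolerate_incorrect_sfnt_size)
     EXPECT_EQ(font->family(), "Test"_string);
     EXPECT_EQ(font->glyph_count(), 4u);
 }
+
+TEST_CASE(malformed_woff2)
+{
+    Array test_inputs = {
+        TEST_INPUT("woff2/incorrect_compressed_size.woff2"sv)
+    };
+
+    for (auto test_input : test_inputs) {
+        auto file = MUST(Core::MappedFile::map(test_input));
+        auto font_or_error = WOFF2::Font::try_load_from_externally_owned_memory(file->bytes());
+        EXPECT(font_or_error.is_error());
+    }
+}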
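Review bot: The new TEST_CASE(malformed_woff2) only asserts `font_or_error.is_error()`, so it also passes if the fixture is rejected for some unrelated reason (bad magic, truncated table directory) before the new size check is ever reached. Pinning the error text ties the test to the guard it was written for, e.g. `EXPECT_EQ(font_or_error.error().string_literal(), "Compressed font is more than 10 MiB"sv);` — assuming `Error::string_literal()` is the accessor available here. The `test_inputs` array suggests more fixtures will follow; once their expected errors differ, the expected message should live alongside each path rather than in a shared assertion.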

BIN
Tests/LibGfx/test-inputs/woff2/incorrect_compressed_size.woff2


+ 2 - 0
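--- a/Userland/Libraries/LibGfx/Font/WOFF2/Font.cpp
+++ b/Userland/Libraries/LibGfx/Font/WOFF2/Font.cpp
@@ -859,6 +859,8 @@ ErrorOr<NonnullRefPtr<Font>> Font::try_load_from_externally_owned_memory(Seekabl
     static constexpr size_t MAX_BUFFER_SIZE = 10 * MiB;
     if (header.length > TRY(stream.size()))
         return Error::from_string_literal("Invalid WOFF length");
+    if (header.total_compressed_size > MAX_BUFFER_SIZE)
+        return Error::from_string_literal("Compressed font is more than 10 MiB");
     if (header.meta_length == 0 && header.meta_offset != 0)
         return Error::from_string_literal("Invalid WOFF meta block offset");
     if (header.priv_length == 0 && header.priv_offset != 0)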
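Review bot: The added guard on `header.total_compressed_size` spells out the value of MAX_BUFFER_SIZE ("10 MiB") by hand in its error string, so a later change to the constant silently desynchronizes the message; either a comment on the constant, `// Keep in sync with the "Compressed font is more than 10 MiB" error below`, or a message that does not name the number, `"Compressed font exceeds maximum buffer size"`, avoids that. A tighter bound is also available from the value validated two lines earlier: compressed data cannot be larger than the file it sits in, so `header.total_compressed_size > header.length` can be rejected as malformed independently of the fixed cap. Whether the header's uncompressed total size is bounded the same way is not visible in this hunk; if it is not, it is the larger allocation and deserves an equivalent check. try_load_from_externally_owned_memory continues outside the hunk on both sides.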