Ensure fSrcOffsetUnits is in a valid range

Bug: oss-fuzz:11114

fSrcOffsetUnits is where we start sampling from the image. It is
computed as

  (sampleX / 2) * fSrcBPP

(ignoring fSrcOffset, which is 0 for a GIF with a subset frame).
sampleX will be no wider than the full image, and we divide it by two to
sample points evenly spread through the image. But for a subset frame,
we need to use a different sampling rate to ensure that the sampled
points are within the width of the frame.

Change-Id: I4a313db096fbaea7d869927a9da5df9beb9f6706
Reviewed-on: https://skia-review.googlesource.com/c/165500
Reviewed-by: Mike Klein <mtklein@google.com>
Commit-Queue: Leon Scroggins <scroggo@google.com>

src/codec/SkSwizzler.cpp

@@ -1186,11 +1186,22 @@ int SkSwizzler::onSetSampleX(int sampleX) {
     SkASSERT(sampleX > 0);
 
     fSampleX = sampleX;
-    fSrcOffsetUnits = (get_start_coord(sampleX) + fSrcOffset) * fSrcBPP;
     fDstOffsetBytes = (fDstOffset / sampleX) * fDstBPP;
     fSwizzleWidth = get_scaled_dimension(fSrcWidth, sampleX);
     fAllocatedWidth = get_scaled_dimension(fDstWidth, sampleX);
 
+    int frameSampleX = sampleX;
+    if (fSrcWidth < fDstWidth) {
+        // Although SkSampledCodec adjusted sampleX so that it will never be
+        // larger than the width of the image (or subset, if applicable), it
+        // doesn't account for the width of a subset frame (i.e. gif). As a
+        // result, get_start_coord(sampleX) could result in fSrcOffsetUnits
+        // being wider than fSrcWidth. Compute a sampling rate based on the
+        // frame width to ensure that fSrcOffsetUnits is sensible.
+        frameSampleX = fSrcWidth / fSwizzleWidth;
+    }
+    fSrcOffsetUnits = (get_start_coord(frameSampleX) + fSrcOffset) * fSrcBPP;
+
     if (fDstOffsetBytes > 0) {
         const size_t dstSwizzleBytes   = fSwizzleWidth   * fDstBPP;
         const size_t dstAllocatedBytes = fAllocatedWidth * fDstBPP;