Cherry-pick fix for WebCursor security issue

Fix an overflow in WebCursor.

I also added log message just in case a user has an issue with erroneous but unmalicious web cursor.

BUG=565023

Review URL: https://codereview.chromium.org/1498903003

Change-Id: I1749faa42072739525028762b8435d33ed3c61c8
Reviewed-by: Joerg Bornemann <[email protected]>
Reviewed-by: Michael Brüning <[email protected]>

Author: carewolf

chromium/content/common/cursors/webcursor.cc

@@ -112,8 +112,12 @@ bool WebCursor::Deserialize(PickleIterator* iter) {
     if (size_x > 0 && size_y > 0) {
       // The * 4 is because the expected format is an array of RGBA pixel
       // values.
-      if (size_x * size_y * 4 > data_len)
+      if (size_x * size_y * 4 != data_len) {
+        LOG(WARNING) << "WebCursor's data length and image size mismatch: "
+                     << size_x << "x" << size_y << "x4 != "
+                     << data_len;
         return false;
+      }
 
       hotspot_.set_x(hotspot_x);
       hotspot_.set_y(hotspot_y);