WPrefs: add check for image validity in 'loadRImage' (Coverity #50221, #50081)

As pointed by Coverity, the function blindly trust the data read from the
file, but in case of problem (corrupted file, not enough memory) it could
behave badly.

This patch adds a check for the depth, counts on RCreateImage to check the
width and height, and in any case it now includes a message for the user in
case he would like to understand what's wrong.

Signed-off-by: Christophe CURIS <christophe.curis@free.fr>
Signed-off-by: Carlos R. Mafra <crmafra@gmail.com>

WPrefs.app/Appearance.c

@@ -1310,10 +1310,22 @@ static Pixmap loadRImage(WMScreen * scr, const char *path)
 
 	cnt = fscanf(f, "%02x%02x%1x", &w, &h, &d);
 	if (cnt != 3) {
+		wwarning(_("could not read size of image from '%s', ignoring"), path);
+		fclose(f);
+		return None;
+	}
+	if (d < 3 || d > 4) {
+		wwarning(_("image \"%s\" has an invalid depth of %d, ignoring"), path, d);
 		fclose(f);
 		return None;
 	}
 	image = RCreateImage(w, h, d == 4);
+	if (image == NULL) {
+		wwarning(_("could not create RImage for \"%s\": %s"),
+		         path, RMessageForError(RErrorCode));
+		fclose(f);
+		return None;
+	}
 	read_size = w * h * d;
 	if (fread(image->data, 1, read_size, f) == read_size)
 		RConvertImage(WMScreenRContext(scr), image, &pixmap);