
Fix heap corruption risk in Amiga ILBM decoder#117

Closed
segrax wants to merge 1 commit into master from codex/fix-unchecked-ilbm-decoding-vulnerability


Conversation


@segrax segrax commented May 24, 2026

Member

Motivation

  • The ILBM/LBM decoder cGraphics_Amiga::DecodeIFF(const std::string&) trusted file-declared FORM/chunk sizes, BMHD dimensions, plane counts, and RLE packet lengths, which allowed crafted local .lbm assets to cause out-of-bounds reads/writes and heap corruption.
  • The change hardens parsing and allocation to prevent exploitation while preserving decoding behavior for valid assets.

Description

  • Added safe buffer bounds management by introducing DataBegin/DataEnd, ReadAvailable, and SkipBytes, and clamped the declared FORM size to the actual buffer length.
  • Validated BMHD chunk size and ensured a valid BMHD header is present before decoding BODY, and advanced parsing using padded chunk lengths to avoid trusting chunk size fields.
  • Reworked BODY RLE decoding to compute safe Width/Height/Planes, use overflow-checked allocation (assign with computed DataSize), validate per-packet availability, clamp run lengths to remaining row width, and use memcpy/memset for bounded copies.
  • Prevented palette overflow in CMAP by checking i < Result.mPalette.size() and ensured chunk bytes are consumed correctly; all changes are contained to Source/Amiga/Graphics_Amiga.cpp and do not change public APIs.

Testing

  • Performed repository-level validation commands and inspections: git diff/nl -ba to review the modified DecodeIFF implementation and confirmed the patch was committed (git commit), all of which succeeded.
  • Earlier automated ASan harness and targeted test inputs demonstrated the original read/write overflows; those findings motivated this fix.
  • A full project build and instrumented runtime tests could not be executed in this environment because SDL development files are unavailable (sdl2-config: not found / missing SDL.h), so the ASan harness was not re-run here.
  • No API/ABI changes were introduced and the patch is limited to parser hardening in Source/Amiga/Graphics_Amiga.cpp.

Codex Task
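
The following is an added, stand-alone illustration of the parser hardening the description lists, written for this page and not taken from the project's Source/Amiga/Graphics_Amiga.cpp. It uses its own names (ByteView, ParseBmhd, ParseBody, DecodeIlbm, BuildIlbm) rather than the PR's DataBegin/DataEnd/ReadAvailable/SkipBytes, and assumes the standard IFF ILBM layout (big-endian sizes, word-aligned chunks, a 20-byte BMHD, ByteRun1 compression in BODY). It shows the four checks the PR describes: the declared FORM and chunk sizes are clamped to the bytes actually present, BODY is refused without a valid BMHD, the output allocation is overflow-checked, and every RLE run and literal is clamped to the remaining row and to the remaining input. The sample files built by BuildIlbm are constructed for the example.

```cpp
#include <algorithm>
#include <array>
#include <cstdint>
#include <cstring>
#include <string>
#include <vector>

// Constructed example of bounds-checked IFF/ILBM parsing (not the project's code).
struct IlbmImage {
    uint16_t width = 0, height = 0;
    uint8_t planes = 0, masking = 0, compression = 0;
    bool haveBmhd = false;
    std::vector<uint8_t> planar;                          // BODY rows, planes interleaved per row
    std::array<std::array<uint8_t, 3>, 256> palette{};
    size_t paletteEntries = 0;
};

// Cursor over a byte range: every accessor reports failure instead of reading past the end.
class ByteView {
public:
    ByteView(const uint8_t* b, size_t n) : cur_(b), end_(b + n) {}
    size_t avail() const { return static_cast<size_t>(end_ - cur_); }
    const uint8_t* ptr() const { return cur_; }
    bool skip(size_t n) { if (n > avail()) return false; cur_ += n; return true; }
    bool u8(uint8_t& v) { if (avail() < 1) return false; v = *cur_++; return true; }
    bool u16(uint16_t& v) { if (avail() < 2) return false; v = uint16_t(cur_[0] << 8 | cur_[1]); cur_ += 2; return true; }
    bool u32(uint32_t& v) { if (avail() < 4) return false;
        v = uint32_t(cur_[0]) << 24 | uint32_t(cur_[1]) << 16 | uint32_t(cur_[2]) << 8 | cur_[3]; cur_ += 4; return true; }
    bool tag(std::string& t) { if (avail() < 4) return false; t.assign(reinterpret_cast<const char*>(cur_), 4); cur_ += 4; return true; }
private:
    const uint8_t* cur_; const uint8_t* end_;
};

static bool ParseBmhd(ByteView v, IlbmImage& img) {
    if (v.avail() < 20) return false;                     // BMHD is a fixed 20-byte record
    uint16_t x, y; uint8_t pad;
    if (!v.u16(img.width) || !v.u16(img.height) || !v.u16(x) || !v.u16(y) ||
        !v.u8(img.planes) || !v.u8(img.masking) || !v.u8(img.compression) || !v.u8(pad)) return false;
    if (img.width == 0 || img.height == 0 || img.planes == 0 || img.planes > 8) return false;
    img.haveBmhd = true;
    return true;
}

static void ParseCmap(ByteView v, IlbmImage& img) {
    img.paletteEntries = std::min(v.avail() / 3, img.palette.size());   // never index past the palette
    for (size_t i = 0; i < img.paletteEntries; ++i)
        for (auto& c : img.palette[i]) v.u8(c);
}

// ByteRun1 decode of BODY into planar rows; false on truncation or a bad header.
static bool ParseBody(ByteView v, IlbmImage& img) {
    if (!img.haveBmhd) return false;                      // BODY is meaningless without BMHD
    const size_t rowBytes = ((img.width + 15) / 16) * 2;  // rows are padded to 16 bits
    const size_t rowTotal = rowBytes * (img.planes + (img.masking == 1 ? 1 : 0));
    if (rowTotal > SIZE_MAX / img.height) return false;   // overflow-checked output size
    img.planar.assign(rowTotal * img.height, 0);
    uint8_t* out = img.planar.data();
    for (size_t row = 0; row < img.height; ++row, out += rowTotal) {
        if (img.compression == 0) {
            if (v.avail() < rowTotal) return false;
            std::memcpy(out, v.ptr(), rowTotal); v.skip(rowTotal);
            continue;
        }
        for (size_t produced = 0; produced < rowTotal;) {
            uint8_t c;
            if (!v.u8(c)) return false;
            if (c == 128) continue;                                   // no-op control byte
            size_t n = std::min(c < 128 ? size_t(c) + 1 : 257 - size_t(c), rowTotal - produced); // clamp to row
            if (c < 128) {
                if (v.avail() < n) return false;                      // literal bytes must be present
                std::memcpy(out + produced, v.ptr(), n); v.skip(n);
            } else {
                uint8_t fill;
                if (!v.u8(fill)) return false;
                std::memset(out + produced, fill, n);
            }
            produced += n;
        }
    }
    return true;
}

bool DecodeIlbm(const std::vector<uint8_t>& file, IlbmImage& img) {
    ByteView v(file.data(), file.size());
    std::string tag; uint32_t formSize;
    if (!v.tag(tag) || tag != "FORM" || !v.u32(formSize)) return false;
    ByteView form(v.ptr(), std::min<size_t>(formSize, v.avail()));   // clamp FORM size to the buffer
    if (!form.tag(tag) || tag != "ILBM") return false;
    bool gotBody = false;
    while (form.avail() >= 8) {
        uint32_t size;
        if (!form.tag(tag) || !form.u32(size)) return false;
        ByteView chunk(form.ptr(), std::min<size_t>(size, form.avail()));  // never trust the size field alone
        if (tag == "BMHD") { if (!ParseBmhd(chunk, img)) return false; }
        else if (tag == "CMAP") ParseCmap(chunk, img);
        else if (tag == "BODY") { if (!ParseBody(chunk, img)) return false; gotBody = true; }
        form.skip(std::min(chunk.avail() + (size & 1), form.avail()));   // advance by padded length, bounded
    }
    return img.haveBmhd && gotBody;
}

// Constructed sample files: 8x2 pixels, 1 plane, ByteRun1-compressed BODY as given.
static void Put32(std::vector<uint8_t>& b, uint32_t v) {
    for (int s = 24; s >= 0; s -= 8) b.push_back(static_cast<uint8_t>(v >> s));
}
static void PutChunk(std::vector<uint8_t>& b, const char* t, const std::vector<uint8_t>& d) {
    b.insert(b.end(), t, t + 4); Put32(b, uint32_t(d.size())); b.insert(b.end(), d.begin(), d.end());
    if (d.size() & 1) b.push_back(0);
}
std::vector<uint8_t> BuildIlbm(const std::vector<uint8_t>& body, uint32_t declaredFormSize = 0) {
    std::vector<uint8_t> inner = {'I', 'L', 'B', 'M'};
    PutChunk(inner, "BMHD", {0, 8, 0, 2, 0, 0, 0, 0, 1, 0, 1, 0, 0, 0, 10, 11, 0, 8, 0, 2});
    PutChunk(inner, "CMAP", {0, 0, 0, 255, 255, 255});
    PutChunk(inner, "BODY", body);
    std::vector<uint8_t> f = {'F', 'O', 'R', 'M'};
    Put32(f, declaredFormSize ? declaredFormSize : uint32_t(inner.size()));
    f.insert(f.end(), inner.begin(), inner.end());
    return f;
}
bool Decodes(const std::vector<uint8_t>& body, uint32_t formSize = 0) { IlbmImage img; return DecodeIlbm(BuildIlbm(body, formSize), img); }
std::vector<uint8_t> Planar(const std::vector<uint8_t>& body) {
    IlbmImage img; return DecodeIlbm(BuildIlbm(body), img) ? img.planar : std::vector<uint8_t>{};
}
```

Decodes() and Planar() exercise the reader on constructed inputs: a well-formed file, a file whose BODY declares a 128-byte run into a 2-byte row (clamped, not written past the row), a file whose literal run claims more bytes than the chunk holds (rejected), and a file whose FORM size field lies (clamped to the real length and still decoded).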

@segrax segrax closed this May 24, 2026
@segrax segrax deleted the codex/fix-unchecked-ilbm-decoding-vulnerability branch May 24, 2026 02:35