[sfnt] Pointer sanity checks before reading layer info in COLRv0
- src/sfnt/ttcolr.c (tt_face_get_colr_layer): Check that the pointer to
read from is at least within the
COLR
table.
Speculative fix for: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50633