Limit max frame size in DAV1D decoder

Bug: chromium:325284120
Change-Id: Iea0aea0a17bb0b1f73b3c1cbd408b7a6cd2b216e
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/340180
Commit-Queue: Sergey Silkin <ssilkin@webrtc.org>
Reviewed-by: Erik Språng <sprang@webrtc.org>
Cr-Commit-Position: refs/heads/main@{#41776}
diff --git a/modules/video_coding/codecs/av1/dav1d_decoder.cc b/modules/video_coding/codecs/av1/dav1d_decoder.cc
index 6a787ff..d658e40 100644
--- a/modules/video_coding/codecs/av1/dav1d_decoder.cc
+++ b/modules/video_coding/codecs/av1/dav1d_decoder.cc
@@ -87,6 +87,8 @@
   s.n_threads = std::max(2, settings.number_of_cores());
   s.max_frame_delay = 1;   // For low latency decoding.
   s.all_layers = 0;        // Don't output a frame for every spatial layer.
+  // Limit max frame size to avoid OOM'ing fuzzers. crbug.com/325284120.
+  s.frame_size_limit = 16384 * 16384;
   s.operating_point = 31;  // Decode all operating points.
 
   return dav1d_open(&context_, &s) == 0;