The issue was found while fuzzing opencv:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47342
The read overflow is triggered by reading `src[j]` in
```cpp
for (j = 0; j < max; ++j) {
    dst[j] = src[j];
}
```
The max is calculated as `new_comps[pcol].w * new_comps[pcol].h`; however, `src = old_comps[cmp].data;` may have different `w` and `h` dimensions.
pcol = cmap[i].pcol;
src = old_comps[cmp].data;
assert(src); /* verified above */
- max = new_comps[pcol].w * new_comps[pcol].h;
+ max = new_comps[i].w * new_comps[i].h;
/* Direct use: */
if (cmap[i].mtyp == 0) {
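Review bot: the bound on the new `max = new_comps[i].w * new_comps[i].h;` line is still taken from `new_comps`, while the copy reads from `src = old_comps[cmp].data`, and nothing in the visible lines ties the size of that source buffer to `new_comps[i]`. If the two are not guaranteed equal earlier in the function, derive the limit from `old_comps[cmp].w * old_comps[cmp].h` or reject the mismatch before the copy. The `assert(src)` above only rules out a null pointer, not a short buffer, so a comment naming the invariant that makes this bound safe for the read side would help.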