bug#56553: 29.0.50; ASAN error with fringe bitmaps on NS

[Gerd Möllmann]

In GNU Emacs 29.0.50 (build 1, aarch64-apple-darwin21.5.0, NS appkit-2113.50 
Version 12.4 (Build 21F79))
 of 2022-07-12 built on Mini.fritz.box
Repository revision: f209650e41d59356a90b5a602abc60c6783bc7b1

This is a Spacemacs profile, with a lot of fringe bitmaps.  The error
happens right after hitting 'q' on the startup screen, when the first
fringe bitmap is displayed.

thread #1: tid = 0x3d47c, 0x0000000103dc4870 
libclang_rt.asan_osx_dynamic.dylib`__asan::AsanDie(), queue = 
'com.apple.main-thread', stop reason = Heap buffer overflow

{
  "access_size": 2,
  "access_type": 0,
  "address": 4402845816,
  "description": "heap-buffer-overflow",
  "instrumentation_class": "AddressSanitizer",
  "pc": 4313240244,
  "stop_type": "fatal_error"
}

frame #5: 0x000000010116d2b4 emacs`ns_define_fringe_bitmap(which=27, 
bits=0x00000001066e1860, h=12, w=16) at nsterm.m:2906:20
   2903         /* XBM rows are always round numbers of bytes, with any unused
   2904            bits ignored.  */
   2905         int byte = y * (w/8 + (w%8 ? 1 : 0)) + x/8;
-> 2906         bool bit = bits[byte] & (0x80 >> x%8);
   2907         if (bit)
   2908           [p appendBezierPathWithRect:NSMakeRect (x, y, 1, 1)];
   2909       }
(lldb) p byte
(int) $22 = 12

frame #6: 0x0000000101079128 emacs`init_fringe_bitmap(which=27, 
fb=0x00000001066e1850, once_p=0) at fringe.c:1520:2
   1517       destroy_fringe_bitmap (which);
   1518 
   1519       if (rif && rif->define_fringe_bitmap)
-> 1520         rif->define_fringe_bitmap (which, fb->bits, fb->height, 
fb->width);
   1521 
   1522       fringe_bitmaps[which] = fb;
   1523       if (which >= max_used_fringe_bitmap)
(lldb) p *fb
(fringe_bitmap) $21 = {
  bits = 0x00000001066e1860
  height = 12
  width = 16
  period = 0
  align = 0
  dynamic = true
}