io-xbm: Fix potential overflows in read_bitmap_file_data()

ww and hh are both potentially tainted data (as they come from a
potentially attacker controlled file), so we need to ensure that all
arithmetic is bounds checked.

Coverity ID: 1388540

https://bugzilla.gnome.org/show_bug.cgi?id=777374