Enforce component ads limit on additional bids.

For bids created by a call to generateBid(), the auction limits the
number of component ads to no more than 20, as described at
https://github.com/WICG/turtledove/blob/main/FLEDGE.md#34-ads-composed-of-multiple-pieces
and enforced in InterestGroupAuction::BuyerHelper::TryToCreateBid
(content/browser/interest_group/interest_group_auction.cc).
For consistency, we're applying the same limit to component ads included
in additional bids.

(cherry picked from commit 6485e10)

Change-Id: I56a96610e92d95883f0f8a29b0ac3cdc9ea4aee2
Bug: 1464874
Bug: 1483264
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4864329
Reviewed-by: Qingxin Wu <qingxinwu@google.com>
Commit-Queue: Orr Bernstein <orrb@google.com>
Cr-Original-Commit-Position: refs/heads/main@{#1196955}
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4868684
Cr-Commit-Position: refs/branch-heads/5993@{#379}
Cr-Branched-From: 5113507-refs/heads/main@{#1192594}

content/browser/interest_group/additional_bids_util.cc

@@ -24,6 +24,7 @@
 #include "content/browser/interest_group/interest_group_auction.h"
 #include "content/common/content_export.h"
 #include "third_party/abseil-cpp/absl/types/optional.h"
+#include "third_party/blink/public/common/interest_group/ad_auction_constants.h"
 #include "third_party/blink/public/common/interest_group/ad_display_size.h"
 #include "third_party/boringssl/src/include/openssl/curve25519.h"
 #include "url/origin.h"
@@ -259,6 +260,12 @@ base::expected<AdditionalBidDecodeResult, std::string> DecodeAdditionalBid(
           {"Additional bid on auction with seller '", seller.Serialize(),
            "' rejected due to invalid adComponents."}));
     }
+    if (ad_components_list->size() > blink::kMaxAdAuctionAdComponents) {
+      return base::unexpected(base::StrCat(
+          {"Additional bid on auction with seller '", seller.Serialize(),
+           "' rejected due to too many ad component URLs."}));
+    }
+
     synth_interest_group->interest_group.ad_components.emplace();
     for (const base::Value& ad_component : *ad_components_list) {
       const std::string* ad_component_str = ad_component.GetIfString();

content/browser/interest_group/additional_bids_util_unittest.cc

@@ -22,6 +22,7 @@
 #include "testing/gmock/include/gmock/gmock-matchers.h"
 #include "testing/gtest/include/gtest/gtest.h"
 #include "third_party/abseil-cpp/absl/types/optional.h"
+#include "third_party/blink/public/common/interest_group/ad_auction_constants.h"
 #include "third_party/blink/public/common/interest_group/ad_display_size.h"
 #include "third_party/boringssl/src/include/openssl/curve25519.h"
 #include "url/gurl.h"
@@ -710,6 +711,26 @@ TEST_F(AdditionalBidsUtilTest, InvalidAdComponentsEntry) {
       result.error());
 }
 
+TEST_F(AdditionalBidsUtilTest, TooManyAdComponents) {
+  base::Value::Dict additional_bid_dict = MakeMinimalValid();
+  base::Value::List ad_components_list;
+  for (size_t i = 0; i < blink::kMaxAdAuctionAdComponents + 1; ++i) {
+    ad_components_list.Append("https://en.wikipedia.test/wiki/Locomotive");
+  }
+  additional_bid_dict.SetByDottedPath("bid.adComponents",
+                                      std::move(ad_components_list));
+  base::Value input(std::move(additional_bid_dict));
+
+  auto result = DecodeAdditionalBid(
+      /*auction=*/nullptr, input, kAuctionNonce, kInterestGroupBuyers, kSeller,
+      base::optional_ref<const url::Origin>(kTopSeller));
+  ASSERT_FALSE(result.has_value());
+  EXPECT_EQ(
+      "Additional bid on auction with seller 'https://seller.test' rejected "
+      "due to too many ad component URLs.",
+      result.error());
+}
+
 TEST_F(AdditionalBidsUtilTest, ValidAdComponents) {
   base::Value::Dict additional_bid_dict = MakeMinimalValid();
   base::Value::List ad_components_list;