Merge into M52 Fix buffer overflow parsing malformed rtp packet
that has one-byte length extension going past extensions block

Original CL: https://codereview.webrtc.org/2064403002

BUG=chromium:620277
R=asapersson@webrtc.org

Review URL: https://codereview.webrtc.org/2080313002 .

Cr-Commit-Position: refs/branch-heads/52@{#7}
Cr-Branched-From: a376e70cf9d0df3c35d53533b454da542661775b-refs/heads/master@{#12798}
diff --git a/webrtc/modules/rtp_rtcp/source/rtp_utility.cc b/webrtc/modules/rtp_rtcp/source/rtp_utility.cc
index bdae3c4..439cd01 100644
--- a/webrtc/modules/rtp_rtcp/source/rtp_utility.cc
+++ b/webrtc/modules/rtp_rtcp/source/rtp_utility.cc
@@ -319,6 +319,13 @@
       return;
     }
 
+    if (ptrRTPDataExtensionEnd - ptr < (len + 1)) {
+      LOG(LS_WARNING) << "Incorrect one-byte extension len: " << (len + 1)
+                      << ", bytes left in buffer: "
+                      << (ptrRTPDataExtensionEnd - ptr);
+      return;
+    }
+
     RTPExtensionType type;
     if (ptrExtensionMap->GetType(id, &type) != 0) {
       // If we encounter an unknown extension, just skip over it.