Fix buffer overflow parsing malformed rtp packet

that has one-byte length extension going past extensions block

BUG=chromium:620277
R=asapersson@webrtc.org

Review URL: https://codereview.webrtc.org/2064403002 .

Cr-Commit-Position: refs/heads/master@{#13168}

webrtc/modules/rtp_rtcp/source/rtp_utility.cc

@@ -323,6 +323,13 @@ void RtpHeaderParser::ParseOneByteExtensionHeader(
       return;
     }
 
+    if (ptrRTPDataExtensionEnd - ptr < (len + 1)) {
+      LOG(LS_WARNING) << "Incorrect one-byte extension len: " << (len + 1)
+                      << ", bytes left in buffer: "
+                      << (ptrRTPDataExtensionEnd - ptr);
+      return;
+    }
+
     RTPExtensionType type;
     if (ptrExtensionMap->GetType(id, &type) != 0) {
       // If we encounter an unknown extension, just skip over it.