red: ensure minimum amount of header bytes

avoids out-of-bounds reads when splitting RED packets.

Bug: webrtc:11640
Change-Id: I38beb5b373c4faa878f627a5df17dd4db9ea20cf
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/185804
Reviewed-by: Henrik Lundin <henrik.lundin@webrtc.org>
Commit-Queue: Philipp Hancke <philipp.hancke@googlemail.com>
Cr-Commit-Position: refs/heads/master@{#32239}

modules/audio_coding/neteq/red_payload_splitter_unittest.cc

@@ -31,7 +31,6 @@ namespace webrtc {
 
 static const int kRedPayloadType = 100;
 static const size_t kPayloadLength = 10;
-static const size_t kRedHeaderLength = 4;  // 4 bytes RED header.
 static const uint16_t kSequenceNumber = 0;
 static const uint32_t kBaseTimestamp = 0x12345678;
 
@@ -368,4 +367,25 @@ TEST(RedPayloadSplitter, WrongPayloadLength) {
   packet_list.pop_front();
 }
 
+// Test that we reject packets too short to contain a RED header.
+TEST(RedPayloadSplitter, RejectsIncompleteHeaders) {
+  RedPayloadSplitter splitter;
+
+  uint8_t payload_types[] = {0, 0};
+  const int kTimestampOffset = 160;
+
+  PacketList packet_list;
+
+  // Truncate the packet such that the first block can not be parsed.
+  packet_list.push_back(CreateRedPayload(2, payload_types, kTimestampOffset));
+  packet_list.front().payload.SetSize(4);
+  EXPECT_FALSE(splitter.SplitRed(&packet_list));
+  EXPECT_FALSE(packet_list.empty());
+
+  // Truncate the packet such that the first block can not be parsed.
+  packet_list.front().payload.SetSize(3);
+  EXPECT_FALSE(splitter.SplitRed(&packet_list));
+  EXPECT_FALSE(packet_list.empty());
+}
+
 }  // namespace webrtc