Prevent potential buffer overflow in UlpfecReceiver

Bug: chromium:841962
Change-Id: I5ef0341a5fffe6b6204f5b2edbaec2d389a56964
Reviewed-on: https://webrtc-review.googlesource.com/77420
Commit-Queue: Ying Wang <yinwa@webrtc.org>
Reviewed-by: Rasmus Brandt <brandtr@webrtc.org>
Reviewed-by: Danil Chapovalov <danilchap@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#23341}

modules/rtp_rtcp/source/ulpfec_receiver_impl.cc

@@ -80,7 +80,11 @@ int32_t UlpfecReceiverImpl::AddReceivedRedPacket(
         << "Received RED packet with different SSRC than expected; dropping.";
     return -1;
   }
-
+  if (packet_length > IP_PACKET_SIZE) {
+    RTC_LOG(LS_WARNING) << "Received RED packet with length exceeds maximum IP "
+                           "packet size; dropping.";
+    return -1;
+  }
   rtc::CritScope cs(&crit_sect_);
 
   uint8_t red_header_length = 1;
@@ -180,6 +184,7 @@ int32_t UlpfecReceiverImpl::AddReceivedRedPacket(
 
   } else if (received_packet->is_fec) {
     ++packet_counter_.num_fec_packets;
+
     // everything behind the RED header
     memcpy(received_packet->pkt->data,
            incoming_rtp_packet + header.headerLength + red_header_length,