Fix off-by-one bounds checking bug.

It's reasonable for a zero-length field to have its start offset
placed exactly at on the edge of the underlying buffer; we'll catch
any buffer overflows moments later when we verify the end offset
calculated from bufferSize.

Bug: 169547603
Test: atest libandroidfw_tests
Test: atest CtsDatabaseTestCases
Test: atest FrameworksCoreTests:android.database
Change-Id: I3d955f222343bd7ae63eaba7e367126dc136ecdf