qcacld-3.0: Fix potential buffer overflow in radio stats event handler

In function wma_unified_radio_tx_power_level_stats_event_handler,
radio_id is checked if it is greater than num_radio. However, radio_id
is an array index and its range is 0 to (num_radio-1). So if radio_id
is equal to num_radio, a buffer overflow would occur while accessing
the array link_stats_results->results.

Fix sanity check to return error if radio_id is greater than or equal
to num_radio in wma_unified_radio_tx_power_level_stats_event_handler.
Also added sanity check for radio_id against num_radio in the function
wma_unified_link_radio_stats_event_handler as similar buffer overflow
can occur.

Change-Id: Ib48e8388206f28e7b2cb80177363655008a109e6
CRs-Fixed: 2209106

0 files changed, 0 insertions, 0 deletions