qcacld-3.0: Fix possible OOB write in wma_update_intf_hw_mode_params

In the function wma_update_intf_hw_mode_params, vdev_id received
from caller wma_pdev_set_hw_mode_resp_evt_handler, is used as
the array index for wma->interfaces. If vdev_id exceeds
wma->max_bssid then a possible OOB write could occur.

Add check to validate vdev_id against wma->max_bssid. Print
error if it exceeds.

Change-Id: I3ddf5e1b24fbd2bd401ac879219300857d05e4b7
CRs-Fixed: 2243990

core/wma/src/wma_main.c

@@ -3831,6 +3831,12 @@ static int wma_pdev_set_hw_mode_resp_evt_handler(void *handle,
 			QDF_BUG(0);
 			goto fail;
 		}
+		if (vdev_id >= wma->max_bssid) {
+			WMA_LOGE("%s: vdev_id: %d is invalid, max_bssid: %d",
+				 __func__, vdev_id, wma->max_bssid);
+			goto fail;
+		}
+
 		mac_id = WMA_PDEV_TO_MAC_MAP(vdev_mac_entry[i].pdev_id);
 
 		WMA_LOGD("%s: vdev_id:%d mac_id:%d",
@@ -3921,6 +3927,11 @@ void wma_process_pdev_hw_mode_trans_ind(void *handle,
 			QDF_BUG(0);
 			return;
 		}
+		if (vdev_id >= wma->max_bssid) {
+			WMA_LOGE("%s: vdev_id: %d is invalid, max_bssid: %d",
+				 __func__, vdev_id, wma->max_bssid);
+			return;
+		}
 
 		mac_id = WMA_PDEV_TO_MAC_MAP(vdev_mac_entry[i].pdev_id);