
qcacmn: Add sanity check to avoid len overflow issue in WMI event data

In WMI/WMA, data from the FW event buffer is used without
upper-limit sanity checks in multiple places. This might
lead to an integer overflow, which in turn leads to buffer
corruption.

Add upper bound checks for max limit of event buffer (1536)
in all affected places to prevent the potential integer
overflow

Change-Id: Ic9194a27c4a4c63fc68ff7fc61165a53e66ca4f4
CRs-Fixed: 2095545
Varun Reddy Yeturu há 7 anos atrás
pai
commit
1d25d6d7fc
2 ficheiros alterados com 8 adições e 0 exclusões
  1. 1 0
      wmi/inc/wmi_unified_param.h
  2. 7 0
      wmi/src/wmi_unified_tlv.c

+ 1 - 0
wmi/inc/wmi_unified_param.h

@@ -93,6 +93,7 @@
 #define WMI_MSEC_TO_USEC(msec)       (msec * 1000) /* msec to usec */
 #define WMI_NLO_FREQ_THRESH          1000       /* in MHz */
 
+#define WMI_SVC_MSG_MAX_SIZE   1536
 #define MAX_UTF_EVENT_LENGTH	2048
 #define MAX_WMI_UTF_LEN	252
 #define MAX_WMI_QVIT_LEN	252
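Review bot: The new `WMI_SVC_MSG_MAX_SIZE` has no comment, although it is the bound that the length checks on firmware-supplied data rely on. The commit message calls it the maximum event buffer size, and the check in wmi_unified_tlv.c divides it by `sizeof(uint32_t)`, so it is a byte count. I would record that at the definition, for example `#define WMI_SVC_MSG_MAX_SIZE   1536 /* max WMI event buffer size from FW, in bytes */`, so later callers do not compare it against an element count directly.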

+ 7 - 0
wmi/src/wmi_unified_tlv.c

@@ -12447,6 +12447,13 @@ static QDF_STATUS send_log_supported_evt_cmd_tlv(wmi_unified_t wmi_handle,
 	if (wmi_handle->events_logs_list)
 		qdf_mem_free(wmi_handle->events_logs_list);
 
+	if (num_of_diag_events_logs >
+		(WMI_SVC_MSG_MAX_SIZE / sizeof(uint32_t))) {
+		WMI_LOGE("%s: excess num of logs:%d", __func__,
+			num_of_diag_events_logs);
+		QDF_ASSERT(0);
+		return QDF_STATUS_E_INVAL;
+	}
 	/* Store the event list for run time enable/disable */
 	wmi_handle->events_logs_list = qdf_mem_malloc(num_of_diag_events_logs *
 			sizeof(uint32_t));
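Review bot: The new early return sits after `qdf_mem_free(wmi_handle->events_logs_list)`, so on the rejected path the handle keeps a pointer to freed memory. Before this change the pointer was always overwritten by the `qdf_mem_malloc()` result. Now a later call into this function would free it a second time, and any other reader of the list would touch freed memory. Either move the bound check above the free, or add `wmi_handle->events_logs_list = NULL;` right after the free; if the handle also caches a count for this list outside the hunk, that should be reset as well. Separately, `QDF_ASSERT(0)` fires on a value that comes from firmware, which may turn a malformed event into a crash on builds where the assert is fatal. The `%d` in the log line should match the type of `num_of_diag_events_logs`, which is declared outside the hunk.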