
qcacmn: Fix possible OOB read in extract_reg_cap_service_ready_ext_tlv

An OOB read can occur while handling the WMI_SERVICE_READY_EXT_EVENTID event
when a large invalid num_phy is received in that event, as this value is used
as an index into an array.

Change-Id: I0e80d04d19160e219028b07599a8b9953a798fb2
CRs-Fixed: 2374726
Arif Hussain 6 years ago
parent
commit
2028c7f543
1 changed file with 3 additions and 0 deletions
  1. 3 0
      wmi/src/wmi_unified_tlv.c

+ 3 - 0
wmi/src/wmi_unified_tlv.c

@@ -9337,6 +9337,9 @@ static QDF_STATUS extract_reg_cap_service_ready_ext_tlv(
 	if (!reg_caps)
 		return QDF_STATUS_E_INVAL;
 
+	if (reg_caps->num_phy > param_buf->num_hal_reg_caps)
+		return QDF_STATUS_E_INVAL;
+
 	if (phy_idx >= reg_caps->num_phy)
 		return QDF_STATUS_E_INVAL;
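
Review bot: The added test `reg_caps->num_phy > param_buf->num_hal_reg_caps` bounds `phy_idx` only indirectly, through the existing `phy_idx >= reg_caps->num_phy` test that follows it. The array that is indexed is not visible in this hunk, so a short comment stating that `num_hal_reg_caps` is the element count of that array would make the invariant explicit; alternatively, check the index directly with `phy_idx >= param_buf->num_hal_reg_caps`. The new path also returns `QDF_STATUS_E_INVAL` with no log, the same status as the NULL `reg_caps` case above it, so a malformed event from firmware cannot be told apart from a missing TLV; logging both counts on rejection would help triage. Please also confirm that `param_buf` is validated before this dereference, since only `reg_caps` is checked in the visible context.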