
qcacld-3.0: Add null pointer check and fix buffer overflow in sap

Add null pointer validation and fix possible buffer overflow issue
in sap module.

Change-Id: I314e07a31368dd3ca854b9aeab4a0bce0402a81b
CRs-Fixed: 2162246
Arif Hussain 7 years ago
parent
commit
21ad43430c
3 changed files with 13 additions and 1 deletions
  1. 6 0
      core/sap/src/sap_api_link_cntl.c
  2. 1 1
      core/sap/src/sap_ch_select.c
  3. 6 0
      core/sap/src/sap_fsm.c

+ 6 - 0
core/sap/src/sap_api_link_cntl.c

@@ -841,6 +841,12 @@ static void wlansap_update_vendor_acs_chan(tpAniSirGlobal mac_ctx,
 	tHalHandle hal;
 
 	hal = CDS_GET_HAL_CB();
+	if (!hal) {
+		QDF_TRACE(QDF_MODULE_ID_SAP, QDF_TRACE_LEVEL_ERROR,
+			  FL("null hal"));
+		return;
+	}
+
 	mac_ctx->sap.SapDfsInfo.target_channel =
 				sap_ctx->dfs_vendor_channel;
 
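Review bot: The new guard in wlansap_update_vendor_acs_chan() returns silently from a void function, so a NULL hal drops the vendor channel update with nothing but a log line, and a reader cannot tell from the hunk whether that is acceptable or a sign the caller ran after teardown; a short why-comment above the check would settle it, e.g. `/* hal is gone once the driver is unloading; nothing to update then (confirm) */`. The message `FL("null hal")` is also terser than the sibling check in sap_fsm.c (`"Invalid vdev objmgr"`), so naming the function or context in it would make the two logs consistent and easier to grep. Note that hal itself is not used in the visible lines; presumably it is consumed further down, since the function body continues past the hunk.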

+ 1 - 1
core/sap/src/sap_ch_select.c

@@ -2507,7 +2507,7 @@ uint8_t sap_select_channel(tHalHandle hal, struct sap_context *sap_ctx,
 	uint8_t best_ch_num = SAP_CHANNEL_NOT_SELECTED;
 	uint32_t ht40plus2gendch = 0;
 	v_REGDOMAIN_t domain;
-	uint8_t country[CDS_COUNTRY_CODE_LEN];
+	uint8_t country[CDS_COUNTRY_CODE_LEN + 1];
 #ifdef SOFTAP_CHANNEL_RANGE
 	uint8_t count;
 	uint32_t start_ch_num, end_ch_num, tmp_ch_num, operating_band = 0;

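Review bot: The `+ 1` on `country[CDS_COUNTRY_CODE_LEN + 1]` is an unexplained magic adjustment; the overflow it fixes presumably comes from a callee outside this hunk that writes a terminating NUL after the code, and nothing in the visible lines records that dependency. A comment on the declaration, e.g. `/* +1: the callee NUL-terminates the country code */`, ties the size to the reason so the next cleanup does not revert it. It would also be worth initialising the array (`= {0}`) so a callee that fills fewer bytes cannot leave it unterminated; whether that can happen is not visible here. sap_select_channel()'s body continues well past the hunk.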

+ 6 - 0
core/sap/src/sap_fsm.c

@@ -1820,6 +1820,12 @@ QDF_STATUS sap_goto_channel_sel(struct sap_context *sap_context,
 						mac_ctx->psoc,
 						sap_context->self_mac_addr,
 						WLAN_LEGACY_SME_ID);
+		if (!vdev) {
+			QDF_TRACE(QDF_MODULE_ID_SAP, QDF_TRACE_LEVEL_ERROR,
+				  FL("Invalid vdev objmgr"));
+			return QDF_STATUS_E_INVAL;
+		}
+
 		ucfg_scan_init_default_params(vdev, req);
 		req->scan_req.dwell_time_active = 0;
 		req->scan_req.scan_id = ucfg_scan_get_scan_id(mac_ctx->psoc);
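Review bot: The early `return QDF_STATUS_E_INVAL` on a NULL vdev in sap_goto_channel_sel() may leak `req`: the very next visible line passes `req` to ucfg_scan_init_default_params(), so it is already allocated before the vdev lookup, and if that allocation is heap memory obtained above the hunk it is never released on this path. Either free it before returning, e.g. `qdf_mem_free(req); return QDF_STATUS_E_INVAL;` if that is the matching release call, or move the vdev lookup ahead of the allocation so the failure path owns nothing. I cannot see the allocation from here, so please confirm against the lines above the hunk; the function starts and ends outside it.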