qcacmn: Fix possible OOB access for tx_hw_desc_history

Memory allocated for tx_hw_desc_history uses incorrect
size parameter resulting in much lower memory to get
assigned. This will result in OOB access and corruptions
in memory, regions post the trailing boundary when updating
tx hw desc events via dp_tx_hw_desc_update_evt.

Fix is to use the appropriate memory size for tx_hw_desc_history
and add NULL check in dp_tx_hw_desc_update_evt.

Change-Id: I97af7898cf8bf1b24978d559f84a2a3d00227ed8
CRs-Fixed: 2952859

dp/wifi3.0/dp_main.c

@@ -4541,7 +4541,7 @@ static void dp_soc_tx_hw_desc_history_attach(struct dp_soc *soc)
 {
 	soc->tx_hw_desc_history = dp_context_alloc_mem(
 			soc, DP_TX_HW_DESC_HIST_TYPE,
-			sizeof(struct dp_tx_hw_desc_evt));
+			sizeof(*soc->tx_hw_desc_history));
 	if (soc->tx_hw_desc_history)
 		soc->tx_hw_desc_history->index = 0;
 }

dp/wifi3.0/dp_tx.c

@@ -1523,6 +1523,9 @@ dp_tx_hw_desc_update_evt(uint8_t *hal_tx_desc_cached,
 	struct dp_tx_hw_desc_evt *evt;
 	uint64_t idx = 0;
 
+	if (!soc->tx_hw_desc_history)
+		return;
+
 	idx = ++soc->tx_hw_desc_history->index;
 	if (idx == DP_TX_HW_DESC_HIST_MAX)
 		soc->tx_hw_desc_history->index = 0;