qcacmn: Fix zero size malloc when memory debug is disabled

In SLUB disabled builds, qdf_mem_malloc calls the
qdf_mem_malloc_fl function, which doesn't
validate whether the size provided is 0 and returns the value
ZERO_SIZE_PTR ((void *)16) for the pointer. When this pointer
is dereferenced, it causes an invalid address dereference.

Validate if the size parameter provided to qdf_mem_malloc is
0 or greater than QDF_MEM_MAX_MALLOC. Return failure if the
validation fails.

Change-Id: I8fc6bc796847e9dd3dfd5186b0386d323560d0cf
CRs-Fixed: 2571505
Pragaspathi Thilagaraj
2019-11-21 20:08:25 +05:30
révisé par nshrivas
Parent 9012d61d31
révision 4715adc0f1


@@ -43,15 +43,15 @@
#include <net/cnss_prealloc.h>
#endif
#ifdef MEMORY_DEBUG
#include "qdf_debug_domain.h"
#include <qdf_list.h>
/* Preprocessor Definitions and Constants */
#define QDF_MEM_MAX_MALLOC (4096 * 1024) /* 4 Mega Bytes */
#define QDF_MEM_WARN_THRESHOLD 300 /* ms */
#define QDF_DEBUG_STRING_SIZE 512
#ifdef MEMORY_DEBUG
#include "qdf_debug_domain.h"
#include <qdf_list.h>
static qdf_list_t qdf_mem_domains[QDF_DEBUG_DOMAIN_COUNT];
static qdf_spinlock_t qdf_mem_list_lock;
@@ -1236,6 +1236,12 @@ void *qdf_mem_malloc_fl(size_t size, const char *func, uint32_t line)
{
void *ptr;
if (!size || size > QDF_MEM_MAX_MALLOC) {
qdf_nofl_err("Cannot malloc %zu bytes @ %s:%d", size, func,
line);
return NULL;
}
ptr = qdf_mem_prealloc_get(size);
if (ptr)
return ptr;
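Review bot: The new error path at the top of qdf_mem_malloc_fl prints `line`, which the signature declares as `uint32_t`, with `%d`; the specifier should match the unsigned argument, `qdf_nofl_err("Cannot malloc %zu bytes @ %s:%u", size, func, line);`. The guard would also benefit from a one-line comment stating why zero is rejected, such as `/* a zero-size request yields ZERO_SIZE_PTR, which is non-NULL and slips past callers' NULL checks */`, since that reasoning currently lives only in the commit message. Any other allocation entry points in this file are not visible in this hunk, so it is worth confirming they apply the same size validation. The body of qdf_mem_malloc_fl continues past the end of the hunk.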