qcacmn: Fix null pointer dereference in extract_sar_limit_event_tlv

When WMI_SAR_GET_LIMITS_EVENTID is received from firmware, the
function extract_sar_limit_event_tlv is called to update the SAR
limits for all the chains of each band. There is a for loop
defined to loop over each item in param_buf->sar_get_limits.
Since the param_buf->sar_get_limits could be either optionally
defined or not a part of the message at all there is a potential
NULL pointer dereference if sar_get_limits is not sent as part
of the WMI_SAR_GET_LIMITS_EVENTID event.

param_buf->sar_get_limits needs to be checked for NULL prior to
derefencing it.

Change-Id: I93c07fa8048df97c6f6960b0db6df3bbc30e23b4
CRs-Fixed: 2336928

wmi/src/wmi_unified_sta_tlv.c

@@ -1526,14 +1526,18 @@ static QDF_STATUS extract_sar_limit_event_tlv(wmi_unified_t wmi_handle,
 	}
 
 	row_in = param_buf->sar_get_limits;
-	row_out = &event->sar_limit_row[0];
-	for (row = 0; row < event->num_limit_rows; row++) {
-		row_out->band_id = row_in->band_id;
-		row_out->chain_id = row_in->chain_id;
-		row_out->mod_id = row_in->mod_id;
-		row_out->limit_value = row_in->limit_value;
-		row_out++;
-		row_in++;
+	if (!row_in) {
+		WMI_LOGD("sar_get_limits is NULL");
+	} else {
+		row_out = &event->sar_limit_row[0];
+		for (row = 0; row < event->num_limit_rows; row++) {
+			row_out->band_id = row_in->band_id;
+			row_out->chain_id = row_in->chain_id;
+			row_out->mod_id = row_in->mod_id;
+			row_out->limit_value = row_in->limit_value;
+			row_out++;
+			row_in++;
+		}
 	}
 
 	return QDF_STATUS_SUCCESS;