qcacmn: Add boundary check on TSO segments

In the error-path execution stream where number of tso segments
in a tso_descriptor, there was an assumption that the number would
be > 0 (normal case is 2). When it is zero, a segment at a wrong
index (-1=> (4M-1)) was being unmapped, which was a bad access.
Add code to make sure that the index in question is in the range.
Need still to understand the reason why num_segs were smaller (0)
then expected (2).

Change-Id: I5d6e16f48f29c98cfb2191cf497f4203ea56a78f
CRs-Fixed: 2028808

qdf/linux/src/qdf_nbuf.c

@@ -1944,7 +1944,10 @@ void __qdf_nbuf_unmap_tso_segment(qdf_device_t osdev,
 			  struct qdf_tso_seg_elem_t *tso_seg,
 			  bool is_last_seg)
 {
-	uint32_t num_frags = tso_seg->seg.num_frags - 1;
+	uint32_t num_frags = 0;
+
+	if (tso_seg->seg.num_frags > 0)
+		num_frags = tso_seg->seg.num_frags - 1;
 
 	/*Num of frags in a tso seg cannot be less than 2 */
 	if (num_frags < 1) {