
qcacld-3.0: Fix buffer overwrite in wma_unified_debug_print_event_handler

In function wma_unified_debug_print_event_handler, datalen is
received from the FW and is used to mem copy data buffer from
FW into the local array dbgbuf. Since dbgbuf is a local array
of size 500 bytes, if datalen is greater than 500, buffer
overwrite occurs during memcpy.

Add sanity check to limit datalen to 500 bytes if value received
is greater than 500 bytes.

Change-Id: Id63b5106bc7a3d3836d17ae47d019bc8a71c928e
CRs-Fixed: 2134801
Vignesh Viswanathan, 7 years ago
parent
commit
5b86f13ad9
1 changed file with 7 additions and 1 deletion

+ 7 - 1
core/wma/src/wma_utils.c

@@ -3424,6 +3424,7 @@ QDF_STATUS wma_wni_cfg_dnld(tp_wma_handle wma_handle)
 	return qdf_status;
 }
 
+#define BIG_ENDIAN_MAX_DEBUG_BUF   500
 /**
  * wma_unified_debug_print_event_handler() - debug print event handler
  * @handle: wma handle
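Review bot: BIG_ENDIAN_MAX_DEBUG_BUF is defined unconditionally and without a comment, sitting directly above the function's kernel-doc block, yet its only visible use is inside the #ifdef BIG_ENDIAN_HOST section. Consider moving the define next to the other file-level macros, or under the same #ifdef, with a one-line comment saying it bounds the local dbgbuf copy of the firmware debug message, so that the link between the limit and the array size is obvious to whoever changes either one later.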
@@ -3449,7 +3450,12 @@ int wma_unified_debug_print_event_handler(void *handle, uint8_t *datap,
 
 #ifdef BIG_ENDIAN_HOST
 	{
-		char dbgbuf[500] = { 0 };
+		if (datalen > BIG_ENDIAN_MAX_DEBUG_BUF) {
+			WMA_LOGE("%s Invalid data len %d, limiting to max",
+				 __func__, datalen);
+			datalen = BIG_ENDIAN_MAX_DEBUG_BUF;
+		}
+		char dbgbuf[BIG_ENDIAN_MAX_DEBUG_BUF] = { 0 };
 
 		memcpy(dbgbuf, data, datalen);
 		SWAPME(dbgbuf, datalen);
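Review bot: The declaration "char dbgbuf[BIG_ENDIAN_MAX_DEBUG_BUF] = { 0 };" now comes after the if statement inside the block, which mixes declarations and code and will trigger -Wdeclaration-after-statement where that warning is enabled; declare dbgbuf first and do the datalen check after it. Tying the bound to the array with sizeof(dbgbuf) in the comparison would also keep the two from drifting apart. Two smaller points: the log prints datalen with %d, so if datalen is an unsigned type %u is the matching specifier, and if it is signed a negative value passes the "datalen > BIG_ENDIAN_MAX_DEBUG_BUF" test and still reaches memcpy. Also, when datalen is clamped to exactly 500 the copy fills the whole array, so if the code after SWAPME treats dbgbuf as a C string there is no terminating NUL left; clamping to one byte less than the buffer size would cover that case.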