qcacld-3.0: Add num_debug_register check to avoid OOB access

Add num_debug_register check in
wma_unified_power_debug_stats_event_handler() to avoid OOB access.

Change-Id: Iae206bc467a940a8fbc1128bff498af958df1c04
CRs-Fixed: 2160403

core/wma/src/wma_features.c

@@ -5081,7 +5081,8 @@ int wma_unified_power_debug_stats_event_handler(void *handle,
 
 	if (param_buf->num_debug_register > ((WMI_SVC_MSG_MAX_SIZE -
 		sizeof(wmi_pdev_chip_power_stats_event_fixed_param)) /
-		sizeof(uint32_t))) {
+		sizeof(uint32_t)) ||
+	    param_buf->num_debug_register > param_tlvs->num_debug_registers) {
 		WMA_LOGE("excess payload: LEN num_debug_register:%u",
 				param_buf->num_debug_register);
 		return -EINVAL;