qcacmn: Fix OOB access in WMI_SAR_GET_LIMITS_EVENTID

This change is to fix the regression issue caused by CR 2316935 which
dropped the change of CR 2307276 in the refactoring.

Update handling of WMI_SAR_GET_LIMITS_EVENTID for a possible OOB that
can occur if param_buf->fixed_param.num_limit_rows is greater than
actual TLV length of param_buf->sar_get_limits array.

Change-Id: Id633296d39bcaf4d1588963368630e69ff790ea4
CRs-fixed: 2339015

wmi/src/wmi_unified_sta_tlv.c

@@ -1511,6 +1511,12 @@ static QDF_STATUS extract_sar_limit_event_tlv(wmi_unified_t wmi_handle,
 	event->sar_enable = fixed_param->sar_enable;
 	event->num_limit_rows = fixed_param->num_limit_rows;
 
+	if (event->num_limit_rows > param_buf->num_sar_get_limits) {
+		WMI_LOGE(FL("Num rows %d exceeds sar_get_limits rows len %d"),
+			 event->num_limit_rows, param_buf->num_sar_get_limits);
+		return QDF_STATUS_E_INVAL;
+	}
+
 	if (event->num_limit_rows > MAX_SAR_LIMIT_ROWS_SUPPORTED) {
 		QDF_ASSERT(0);
 		WMI_LOGE(FL("Num rows %d exceeds max of %d"),