qcacmn: Fix OOB read in init_deinit_handle_host_mem_req()

num_mem_reqs used as for loop variable in init_deinit_handle_host_mem_req,
will give user control over tgt_hdl->info->num_mem_chunks used in
init_deinit_alloc_host_mem() which is later passed to
init_cmd_send_tlv().

In init_cmd_send_tlv() num_mem_chunks is used as a for loop variable,
and can result in OOB issue.

Change-Id: Ica9bd42e596da19a4033ffd9424ddeedb593bad1
CRs-Fixed: 2331844
Harprit Chhabada 6 years ago
parent
commit
9f5e60128f
1 changed file with 6 additions and 0 deletions
  1. 6 0
      target_if/init_deinit/src/init_cmd_api.c

+ 6 - 0
target_if/init_deinit/src/init_cmd_api.c

@@ -342,6 +342,12 @@ QDF_STATUS init_deinit_handle_host_mem_req(
 	if (!num_mem_reqs)
 		return QDF_STATUS_SUCCESS;
 
+	if (num_mem_reqs > MAX_MEM_CHUNKS) {
+		target_if_err_rl("num_mem_reqs:%u is out of bounds",
+				 num_mem_reqs);
+		return QDF_STATUS_E_FAILURE;
+	}
+
 	for (i = 0; i < FW_PRIORITY_MAX; i++) {
 		for (idx = 0; idx < num_mem_reqs; idx++) {
 			status = init_deinit_alloc_num_units(psoc, tgt_hdl,
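
Review bot: the new `num_mem_reqs > MAX_MEM_CHUNKS` check bounds the request count, but the commit message names `tgt_hdl->info->num_mem_chunks` as the value that later drives the loop in `init_cmd_send_tlv()`, and the nested loops at the end of this hunk call `init_deinit_alloc_num_units()` once per request for every priority up to `FW_PRIORITY_MAX`. The visible lines do not show that one request adds at most one chunk, so consider also checking `num_mem_chunks` against `MAX_MEM_CHUNKS` at the point where it is incremented, or adding a comment above the new check explaining why bounding `num_mem_reqs` alone is sufficient.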