qcacld-3.0: protect channel list buffer

propagation from qcacld-2.0 to qcacld-3.0

AP+AP case, one is started, another one start fails and its channel
list buffer is NULL. When radar signal found, it will change channel
with second sap's context, then crashed since channel list is NULL.

Change-Id: I73f2c1c2fa0667e7517e2a6867d79175c47d4582
CRs-Fixed: 1091122

core/sap/src/sap_module.c

@@ -2615,6 +2615,13 @@ wlansap_channel_change_request(void *pSapCtx, uint8_t target_channel)
 	}
 	mac_ctx = PMAC_STRUCT(hHal);
 	phy_mode = sapContext->csr_roamProfile.phyMode;
+
+	if (sapContext->csr_roamProfile.ChannelInfo.numOfChannels == 0 ||
+	    sapContext->csr_roamProfile.ChannelInfo.ChannelList == NULL) {
+		QDF_TRACE(QDF_MODULE_ID_SAP, QDF_TRACE_LEVEL_ERROR,
+			FL("Invalid channel list"));
+		return QDF_STATUS_E_FAULT;
+	}
 	sapContext->csr_roamProfile.ChannelInfo.ChannelList[0] = target_channel;
 	/*
 	 * We are getting channel bonding mode from sapDfsInfor structure