qcacld-3.0: Fix possible buffer over-read condition

In the API csr_roam_roaming_state_reassoc_rsp_processor
the driver extracts pNeighborRoamInfo from pMac, but it
may happen that the session id is greater than CSR_ROAM_SESSION_MAX,
which results in an out-of-bounds access of memory.

Fix is to have a max check of session ID and then extract
pNeighborRoamInfo from that session.

Change-Id: If3fb98fa278562abe40137ffead8ff4f85b40b1f
CRs-Fixed: 2259229
gaurank kathpalia, 6 years ago
parent
commit
b4d4472ba1
1 changed file with 9 additions and 2 deletions

+ 9 - 2
core/sme/src/csr/csr_api_roam.c

@@ -10102,12 +10102,19 @@ static void csr_roam_roaming_state_reassoc_rsp_processor(tpAniSirGlobal pMac,
 						tpSirSmeJoinRsp pSmeJoinRsp)
 {
 	enum csr_roamcomplete_result result;
-	tpCsrNeighborRoamControlInfo pNeighborRoamInfo =
-		&pMac->roam.neighborRoamInfo[pSmeJoinRsp->sessionId];
+	tpCsrNeighborRoamControlInfo pNeighborRoamInfo = NULL;
 	struct csr_roam_info roamInfo;
 	uint32_t roamId = 0;
 	struct csr_roam_session *csr_session;
 
+	if (pSmeJoinRsp->sessionId >= CSR_ROAM_SESSION_MAX) {
+		sme_err("Invalid session ID received %d",
+			 pSmeJoinRsp->sessionId);
+		return;
+	}
+
+	pNeighborRoamInfo =
+		&pMac->roam.neighborRoamInfo[pSmeJoinRsp->sessionId];
 	if (eSIR_SME_SUCCESS == pSmeJoinRsp->statusCode) {
 		QDF_TRACE(QDF_MODULE_ID_SME, QDF_TRACE_LEVEL_DEBUG,
 			 "CSR SmeReassocReq Successful");
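Review bot: The bound check added at the top of the hunk has the right shape for an array index (`>= CSR_ROAM_SESSION_MAX`, since `sessionId` is used directly as the index into `pMac->roam.neighborRoamInfo`), but the bare `return` after `sme_err(...)` drops the reassoc response without any other handling; please confirm that no caller waiting on this response path (roaming state machine, pending command queue) is left stalled when a malformed response is rejected here, or add a comment stating why a silent return is safe. Also consider whether the same check belongs in the common response dispatcher, so other handlers that index by `pSmeJoinRsp->sessionId` are covered as well rather than only this function.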