qcacmn: Fix possible OOB write in extract_time_sync_ftm_offset_event_tlv

In extract_time_sync_ftm_offset_event_tlv there is a possible
OOB write when value of num_qtime received from firmware is
greater than FTM_TIME_SYNC_QTIME_PAIR_MAX.

Fix is to add a sanity check for value of num_qtime received from
firmware to avoid the OOB write.

Change-Id: I6e57b1d716992d1a3c7d2f7ea911fefcbfbeff34
CRs-Fixed: 3033509

wmi/src/wmi_unified_tlv.c

@@ -15525,6 +15525,9 @@ extract_time_sync_ftm_offset_event_tlv(wmi_unified_t wmi, void *buf,
 
 	param->vdev_id = resp_event->vdev_id;
 	param->num_qtime = param_buf->num_audio_sync_q_master_slave_times;
+	if (param->num_qtime > FTM_TIME_SYNC_QTIME_PAIR_MAX)
+		param->num_qtime = FTM_TIME_SYNC_QTIME_PAIR_MAX;
+
 	q_pair = param_buf->audio_sync_q_master_slave_times;
 	if (!q_pair) {
 		wmi_err("Invalid q_master_slave_times buffer");