
qcacmn: Add a tid check for RX to avoid OOB access

Tid in RX frame header may be larger than MAX TID allowed
value, this will lead to an out of boundary array access and
lead to kernel crash at last. Change is aimed to do a TID
check and discard such frame when necessary.

Change-Id: I11f312668a5a42d690c058550f22b0f36f952104
CRs-Fixed: 3264581
Amit Mehta 2 years ago
parent
commit
c3ea01cd1b
1 changed files with 6 additions and 0 deletions
  1. dp/wifi3.0/be/dp_be_rx.c (+6 -0)

+ 6 - 0
dp/wifi3.0/be/dp_be_rx.c

@@ -590,6 +590,12 @@ done:
 
 		/* Get TID from struct cb->tid_val, save to tid */
 		tid = qdf_nbuf_get_tid_val(nbuf);
+		if (qdf_unlikely(tid >= CDP_MAX_DATA_TIDS)) {
+			DP_STATS_INC(soc, rx.err.rx_invalid_tid_err, 1);
+			dp_rx_nbuf_free(nbuf);
+			nbuf = next;
+			continue;
+		}
 
 		if (qdf_unlikely(!txrx_peer)) {
 			txrx_peer = dp_rx_get_txrx_peer_and_vdev(soc, nbuf,
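Review bot: the new drop path ends with `nbuf = next; continue;`, but the assignment of `next` is outside the visible context, so please confirm it is already set for the current buffer before `tid = qdf_nbuf_get_tid_val(nbuf)`; otherwise the loop would resume on a stale pointer right after `dp_rx_nbuf_free(nbuf)`. The `continue` also skips everything below it in the loop body, including the `txrx_peer` lookup, so the discard is only recorded in the soc-level `rx.err.rx_invalid_tid_err` counter; that is reasonable for a value taken from the frame header, but worth stating. The check itself has no comment: a one-line note above `if (qdf_unlikely(tid >= CDP_MAX_DATA_TIDS))` saying that tid comes from the received frame and is later used as an array index would keep a future cleanup from removing it. Finally, the bound assumes every array indexed by tid further down is sized to at least `CDP_MAX_DATA_TIDS`; it would help to name those arrays in the commit message so the choice of limit can be verified.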