qcacld-3.0: Add check for num_peers in wma_ibss_peer_info_event_handler

In wma_ibss_peer_info_event_handler, the driver has an upper
bound check on num_peers and not a lower bound check.
The num_peers should be a positive value.
Since there is no check to see if num_peers is set to 0,
this check can underflow and result in multiple OOB writes
once the loop has incremented more than 32 times.

Fix is to check whether num_peers is a positive value,
and return if not found true.

Change-Id: I599151cc6720ed931142ad6a519add6957fea467
CRs-Fixed: 2324139
gaurank kathpalia 6 years ago
parent
commit
d001f985d2
1 changed files with 3 additions and 2 deletions
core/wma/src/wma_data.c

@@ -2100,8 +2100,9 @@ int wma_ibss_peer_info_event_handler(void *handle, uint8_t *data,
 	}
 
 	/*sanity check */
-	if ((num_peers > 32) || (num_peers > param_tlvs->num_peer_info) ||
-	    (!peer_info)) {
+	if (!(num_peers) || (num_peers > 32) ||
+	     (num_peers > param_tlvs->num_peer_info) ||
+	     (!peer_info)) {
 		WMA_LOGE("%s: Invalid event data from target num_peers %d peer_info %pK",
 			__func__, num_peers, peer_info);
 		status = 1;
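
Review bot: The upper bound in the new condition, `(num_peers > 32)`, is still a bare literal, while the commit message ties the out-of-bounds writes to the loop running past 32 entries; the check should use the same named constant (or array-size expression) that sizes the buffer the loop fills, so the two cannot drift apart. The zero test reads better as `!num_peers` without the extra parentheses, and the continuation lines are now indented one space deeper than the lines they replace. If num_peers is an unsigned type, as the underflow described in the commit message suggests, the `%d` in the WMA_LOGE call below the condition should be `%u`; its declaration is not visible in this hunk.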