
qcacmn: Fix possible OOB read in extract_pdev_utf_event_tlv

The function extract_pdev_utf_event_tlv is called when the WMI
event WMI_PDEV_UTF_EVENTID is received. The event_buf
argument to it is fully FW controlled. There is an assumption
that the WMI message is at least the size of struct
wmi_host_utf_seg_header_info, which could lead to OOB read issues
when a shorter message is sent.

Add fix to validate the event->datalen passed against
sizeof(struct wmi_host_utf_seg_header_info) before copying to
seg_hdr.

Change-Id: I1a8313f11013722edb601c009e59b1509fda3280
CRs-Fixed: 2305465
Pragaspathi Thilagaraj 6 years ago
Parent
Current commit
d9ad2ce5ea
1 file changed, 5 insertions, 0 deletions
  1. 5 0
      wmi/src/wmi_unified_tlv.c

+ 5 - 0
wmi/src/wmi_unified_tlv.c

@@ -19208,6 +19208,11 @@ static QDF_STATUS extract_pdev_utf_event_tlv(wmi_unified_t wmi_handle,
 	param_buf = (WMI_PDEV_UTF_EVENTID_param_tlvs *)evt_buf;
 	event->data = param_buf->data;
 	event->datalen = param_buf->num_data;
+
+	if (event->datalen < sizeof(struct wmi_host_utf_seg_header_info)) {
+		WMI_LOGE("%s: Invalid datalen: %d ", __func__, event->datalen);
+		return QDF_STATUS_E_INVAL;
+	}
 	seg_hdr = (struct wmi_host_utf_seg_header_info *)param_buf->data;
 	/* Set pdev_id=1 until FW adds support to include pdev_id */
 	event->pdev_id = wmi_handle->ops->convert_pdev_id_target_to_host(
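Review bot: the new length check lands after `event->data` and `event->datalen` have already been filled in from `param_buf`, so a caller that ignores the `QDF_STATUS_E_INVAL` return still sees a populated `event` pointing at a buffer shorter than `struct wmi_host_utf_seg_header_info`; moving the two assignments below the check (or clearing `event->data`/`event->datalen` on the error path) keeps the output struct consistent with the return code. Also worth confirming in review: `event->datalen` is logged with `%d`, which suggests a signed type, and comparing a signed value against `sizeof(...)` (a `size_t`) converts it to unsigned, so a negative `datalen` would pass the `<` test; if the field is signed, add an explicit `event->datalen < 0` check or compare as the same width. Minor style point in the log line: `"%s: Invalid datalen: %d "` has a trailing space before the closing quote.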