qdsp6v2: apr: check for packet size to header size comparison

Check if packet size is large enough to hold the header.

Change-Id: I7261f8111d8b5f4f7c181e469de248a732242d64
Signed-off-by: Vatsal Bucha <vbucha@codeaurora.org>
[haggertk: backport to 3.4/msm8974]
CVE-2019-2331
Signed-off-by: Kevin F. Haggerty <haggertk@lineageos.org>

arch/arm/mach-msm/qdsp6v2/apr.c

@@ -364,6 +364,12 @@ void apr_cb_func(void *buf, int len, void *priv)
 		pr_err("APR: Wrong paket size\n");
 		return;
 	}
+
+	if (hdr->pkt_size < hdr_size) {
+		pr_err("APR: Packet size less than header size\n");
+		return;
+	}
+
 	msg_type = hdr->hdr_field;
 	msg_type = (msg_type >> 0x08) & 0x0003;
 	if (msg_type >= APR_MSG_TYPE_MAX && msg_type != APR_BASIC_RSP_RESULT) {