platform: msm_shared: Added checks for integer wrap.

It will check for the integer wrap around incase of dev_tree_appended
and verifies the dev tree addresses with in the range

CRs-Fixed: 684764
Change-Id: Idd1c74003cc8d4799e8a2855fe405f3ce79b3ea3
diff --git a/platform/msm_shared/dev_tree.c b/platform/msm_shared/dev_tree.c
index 708a565..ee62ecd 100644
--- a/platform/msm_shared/dev_tree.c
+++ b/platform/msm_shared/dev_tree.c
@@ -305,8 +305,11 @@
 
 	memcpy((void*) &app_dtb_offset, (void*) (kernel + DTB_OFFSET), sizeof(uint32_t));
 
+	if (((uintptr_t)kernel + (uintptr_t)app_dtb_offset) < (uintptr_t)kernel) {
+		return NULL;
+	}
 	dtb = kernel + app_dtb_offset;
-	while (dtb + sizeof(struct fdt_header) < kernel_end) {
+	while (((uintptr_t)dtb + sizeof(struct fdt_header)) < (uintptr_t)kernel_end) {
 		uint32_t dtb_soc_rev_id;
 		struct fdt_header dtb_hdr;
 		uint32_t dtb_size;
@@ -315,7 +318,8 @@
 		 * and operate on it separately */
 		memcpy(&dtb_hdr, dtb, sizeof(struct fdt_header));
 		if (fdt_check_header((const void *)&dtb_hdr) != 0 ||
-		    (dtb + fdt_totalsize((const void *)&dtb_hdr) > kernel_end))
+		    ((uintptr_t)dtb + (uintptr_t)fdt_totalsize((const void *)&dtb_hdr) < (uintptr_t)dtb) ||
+			((uintptr_t)dtb + (uintptr_t)fdt_totalsize((const void *)&dtb_hdr) > (uintptr_t)kernel_end))
 			break;
 		dtb_size = fdt_totalsize(&dtb_hdr);