Prevent OOBR in NxpNfc::ioctl

Bug: 139736127
Test: nxp ioctl work
Change-Id: I693f6534ff93ccda9df063d126a24eaddc11856c
(cherry picked from commit 5235b50bae57631d64a9f38627c38a2b1d786519)
diff --git a/extns/impl/NxpNfc.cpp b/extns/impl/NxpNfc.cpp
index 955499f..3aab2a9 100755
--- a/extns/impl/NxpNfc.cpp
+++ b/extns/impl/NxpNfc.cpp
@@ -38,6 +38,10 @@
   nfc_nci_IoctlInOutData_t* pInOutData =
       (nfc_nci_IoctlInOutData_t*)&inOutData[0];
 
+  if (inOutData.size() < sizeof (nfc_nci_IoctlInOutData_t)) {
+    ALOGE("%s invalid inOutData size, size = %d", __func__, (int)inOutData.size());
+    return Void();
+  }
   /*data from proxy->stub is copied to local data which can be updated by
    * underlying HAL implementation since its an inout argument*/
   memcpy(&inpOutData, pInOutData, sizeof(nfc_nci_IoctlInOutData_t));