qcacld-3.0: Fix integer overflow in rrm_fill_beacon_ies()

In rrm_fill_beacon_ies(), the len is the total length of
IE + 2 bytes for element ID (1 byte) and length of the
IE(1 byte). Length is defined of type uint8_t and can have
only values upto 255. When the IE content length is 254,
adding 2 bytes to this will cause the len to overflow
resulting in continuous loop in rrm_fill_beacon_ies.

Change the len type to uint16_t to avoid integer overflow.

Change-Id: Id6a6bcce150f778e24316ccc5fb51c6e2a95fc5e
CRs-Fixed: 2537774

0 files changed, 0 insertions, 0 deletions