qcacmn: Fix possible buffer overflow in send_stats_ext_req_cmd_tlv

In the function __wlan_hdd_cfg80211_stats_ext_request,
data_len is recieved from vendor command and is passed ultimately
to send_stats_ext_req_cmd_tlv.  In send_stats_ext_req_cmd_tlv, len
is calculated as sum of sizeof(*cmd), WMI_TLV_HDR_SIZE,
preq->request_data_len.The len is of type uint16_t
and adding sizeof(*cmd) + WMI_TLV_HDR_SIZE will cause a buffer
overflow.

Changed the datatype of len to size_t so that it doesn't overflow.

Change-Id: I6618042e3c60bbdb1ff5d833188f4bdb4832da7a
CRs-Fixed: 2243169

0 files changed, 0 insertions, 0 deletions