diff --git a/core/dp/htt/htt_t2h.c b/core/dp/htt/htt_t2h.c
index 7daa1fbf75..2c883eb763 100644
--- a/core/dp/htt/htt_t2h.c
+++ b/core/dp/htt/htt_t2h.c
@@ -467,7 +467,16 @@ static void htt_t2h_lp_msg_handler(void *context, qdf_nbuf_t htt_t2h_msg,
 #ifndef REMOVE_PKT_LOG
 	case HTT_T2H_MSG_TYPE_PKTLOG:
 	{
-		pktlog_process_fw_msg(msg_word + 1);
+		uint32_t len = qdf_nbuf_len(htt_t2h_msg);
+
+		if (len < sizeof(*msg_word) + sizeof(uint32_t)) {
+			qdf_print("%s: invalid nbuff len \n", __func__);
+			WARN_ON(1);
+			break;
+		}
+
+		/*len is reduced by sizeof(*msg_word)*/
+		pktlog_process_fw_msg(msg_word + 1, len - sizeof(*msg_word));
 		break;
 	}
 #endif
diff --git a/core/dp/txrx/ol_txrx_types.h b/core/dp/txrx/ol_txrx_types.h
index ffb9301cec..925788742a 100644
--- a/core/dp/txrx/ol_txrx_types.h
+++ b/core/dp/txrx/ol_txrx_types.h
@@ -1324,6 +1324,11 @@ struct ol_rx_remote_data {
 	uint8_t mac_id;
 };
 
+struct ol_fw_data {
+	void *data;
+	uint32_t len;
+};
+
 #define INVALID_REORDER_INDEX 0xFFFF
 
 #define SPS_DESC_SIZE 8