qcacld-3.0: Avoid buffer overflow

qcacld-2.0 to qcacld-3.0 propagation.

scnprintf returns the number of characters which are actually
written in the buffer. Currently there is no check while filling
the buffer. Hence, a situation might arise where the len is greater
than the size of the buffer. Later, this buffer is copied to user space
through the API copy_to_user, and since the len is greater than the buffer
size, a buffer overflow would occur.

As a part of the fix, make sure that a buffer overwrite doesn't occur.

Change-Id: I652979cb26fd7fff36ee54f9ec60132453ac7913
CRs-Fixed: 908252
Selvaraj, Sridhar 8 years ago
parent
commit
5cc4af4405
1 changed files with 1 additions and 1 deletions

+ 1 - 1
core/hdd/src/wlan_hdd_ioctl.c

@@ -3528,7 +3528,7 @@ static int drv_cmd_get_roam_scan_channels(hdd_adapter_t *adapter,
 	 */
 	len = scnprintf(extra, sizeof(extra), "%s %d", command,
 			numChannels);
-	for (j = 0; (j < numChannels); j++)
+	for (j = 0; (j < numChannels) && len <= sizeof(extra); j++)
 		len += scnprintf(extra + len, sizeof(extra) - len,
 				 " %d", ChannelList[j]);
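
Review bot: The bound added to the for-loop condition, `len <= sizeof(extra)`, is off by one and in practice never false. When len equals sizeof(extra), `extra + len` points one past the end of the array and the size argument `sizeof(extra) - len` is 0. And since scnprintf returns the number of characters actually written, excluding the terminating NUL, len cannot exceed sizeof(extra) - 1, so the loop still iterates numChannels times after the buffer is full. Suggest `len < sizeof(extra) - 1`, or breaking out when a call returns 0, so the loop stops once no space remains. Separately, the first scnprintf writes numChannels ahead of the list, so a truncated list leaves a count in the string that does not match the channels that follow; document the truncation or report the number actually written. The type of len is not visible in this hunk; if it is signed, the comparison against sizeof(extra) is a mixed signed/unsigned comparison worth checking.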