qcacld-3.0: Invalid rem_len computation in roam stats evt handler

rem_len is calculated based on MAX size of the WMI message
(WMI_SVC_MSG_MAX_SIZE) while extracting data from
WMI_ROAM_STATS_EVENTID event data.

Correct this by considering the actual message length
received in the event.

Change-Id: If24f732a8fdc0ad403e9b8a936ff8cfa0b7f7737
CRs-Fixed: 3035196

components/wmi/src/wmi_unified_roam_tlv.c

@@ -2886,7 +2886,7 @@ extract_roam_stats_event_tlv(wmi_unified_t wmi_handle, uint8_t *evt_buf,
 		num_tlv = MAX_ROAM_SCAN_STATS_TLV;
 	}
 
-	rem_len = WMI_SVC_MSG_MAX_SIZE - sizeof(*fixed_param);
+	rem_len = len - sizeof(*fixed_param);
 	if (rem_len < num_tlv * sizeof(wmi_roam_trigger_reason)) {
 		wmi_err_rl("Invalid roam trigger data");
 		return QDF_STATUS_E_INVAL;

core/wma/src/wma_scan_roam.c

@@ -2070,7 +2070,7 @@ int wma_roam_stats_event_handler(WMA_HANDLE handle, uint8_t *event,
 		num_tlv = MAX_ROAM_SCAN_STATS_TLV;
 	}
 
-	rem_len = WMI_SVC_MSG_MAX_SIZE - sizeof(*fixed_param);
+	rem_len = len - sizeof(*fixed_param);
 	if (rem_len < num_tlv * sizeof(wmi_roam_trigger_reason)) {
 		wma_err_rl("Invalid roam trigger data");
 		goto err;