qcacld-3.0: Fix validation check for roam sync frame event

More than one roam sync frame event can be sent from FW so
the beacon, reassoc req or rsp length can be zero.
Hence the current code validation check is incorrect resulting
in roam abort.

To fix this, change the validation to check if beacon,
reassoc req or rsp value is non zero and then check the size.

Change-Id: I6ddec91686c23d9b8dac4c891b37bb1ce9d0fb30
CRs-Fixed: 3306428

components/wmi/src/wmi_unified_roam_tlv.c

@@ -2644,15 +2644,23 @@ extract_roam_sync_frame_event_tlv(wmi_unified_t wmi_handle, void *event,
 		return QDF_STATUS_E_FAILURE;
 	}
 
+	/*
+	 * Firmware can send more than one roam synch frame event to host
+	 * driver. So Bcn_prb_rsp_len/reassoc_req_len/reassoc_rsp_len can be 0
+	 * in some of the events.
+	 */
 	if (synch_frame_event->bcn_probe_rsp_len >
 	    param_buf->num_bcn_probe_rsp_frame ||
 	    synch_frame_event->reassoc_req_len >
 	    param_buf->num_reassoc_req_frame ||
 	    synch_frame_event->reassoc_rsp_len >
 	    param_buf->num_reassoc_rsp_frame ||
-	    synch_frame_event->bcn_probe_rsp_len < sizeof(struct wlan_frame_hdr) ||
-	    synch_frame_event->reassoc_req_len < sizeof(struct wlan_frame_hdr) ||
-	    synch_frame_event->reassoc_rsp_len < sizeof(struct wlan_frame_hdr)) {
+	    (synch_frame_event->bcn_probe_rsp_len &&
+	    synch_frame_event->bcn_probe_rsp_len < sizeof(struct wlan_frame_hdr)) ||
+	    (synch_frame_event->reassoc_req_len &&
+	    synch_frame_event->reassoc_req_len < sizeof(struct wlan_frame_hdr)) ||
+	    (synch_frame_event->reassoc_rsp_len &&
+	    synch_frame_event->reassoc_rsp_len < sizeof(struct wlan_frame_hdr))) {
 		wmi_err("fixed/actual len err: bcn:%d/%d req:%d/%d rsp:%d/%d",
 			synch_frame_event->bcn_probe_rsp_len,
 			param_buf->num_bcn_probe_rsp_frame,