
Merge changes Ic1765889,Ie064322f,I6022c438 into wlan-cld3.driver.lnx.2.0

* changes:
  Release 5.2.0.203R
  qcacld-3.0: fix a possible out-of-bounds access issue
  Release 5.2.0.203Q
CNSS_WLAN Service 4 years ago
parent
commit
907e420fd2
2 changed files with 13 additions and 7 deletions
  1. 2 2
      core/hdd/inc/qc_sap_ioctl.h
  2. 11 5
      core/hdd/src/wlan_hdd_hostapd_wext.c

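--- a/core/hdd/inc/qc_sap_ioctl.h
+++ b/core/hdd/inc/qc_sap_ioctl.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2012-2019 The Linux Foundation. All rights reserved.
+ * Copyright (c) 2012-2020 The Linux Foundation. All rights reserved.
  *
  * Permission to use, copy, modify, and/or distribute this software for
  * any purpose with or without fee is hereby granted, provided that the
@@ -29,7 +29,7 @@
 
 struct channel_list_info {
 	uint8_t num_channels;
-	uint8_t channels[CFG_VALID_CHANNEL_LIST_LEN];
+	uint8_t channels[NUM_CHANNELS];
 };
 
 #ifdef __linux__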
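Review bot: `num_channels` remains a bare `uint8_t` with no stated relationship to the new `channels[NUM_CHANNELS]` bound, so the struct definition does not tell a reader that the count must stay within the array. I would add a field comment such as `/* number of valid entries in channels[]; never exceeds NUM_CHANNELS */` and confirm that every writer of this struct enforces it; those writers are not visible in this commit view. Resizing the array also changes `sizeof(struct channel_list_info)`, which would matter if this ioctl header is shared with user-space tools, although nothing on the page shows such a consumer.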

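--- a/core/hdd/src/wlan_hdd_hostapd_wext.c
+++ b/core/hdd/src/wlan_hdd_hostapd_wext.c
@@ -1990,19 +1990,25 @@ int iw_get_channel_list_with_cc(struct net_device *dev,
 		hdd_err_rl("GetChannelList Failed!!!");
 		return -EINVAL;
 	}
-	buf = extra;
+
 	/*
-	 * Maximum channels = WNI_CFG_VALID_CHANNEL_LIST_LEN.
-	 * Maximum buffer needed = 5 * number of channels.
+	 * Maximum buffer needed =
+	 * [4: 3 digits of num_chn + 1 space] +
+	 * [REG_ALPHA2_LEN: REG_ALPHA2_LEN digits] +
+	 * [4 * num_chn: (1 space + 3 digits of chn[i]) * num_chn] +
+	 * [1: Terminator].
+	 *
 	 * Check if sufficient buffer is available and then
 	 * proceed to fill the buffer.
 	 */
-	if (WE_MAX_STR_LEN < (5 * CFG_VALID_CHANNEL_LIST_LEN)) {
+	if (WE_MAX_STR_LEN <
+	    (4 + REG_ALPHA2_LEN + 4 * channel_list.num_channels + 1)) {
 		hdd_err_rl("Insufficient Buffer to populate channel list");
 		return -EINVAL;
 	}
-	len = scnprintf(buf, WE_MAX_STR_LEN, "%u ", channel_list.num_channels);
 
+	buf = extra;
+	len = scnprintf(buf, WE_MAX_STR_LEN, "%u ", channel_list.num_channels);
 	wlan_reg_get_cc_and_src(mac->psoc, ubuf);
 	/* Printing Country code in getChannelList(break at '\0') */
 	for (i = 0; i < (ubuf_len - 1) && ubuf[i] != 0; i++)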
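Review bot: The new guard `if (WE_MAX_STR_LEN < (4 + REG_ALPHA2_LEN + 4 * channel_list.num_channels + 1))` sizes the output string but does not bound the index range, so the later read of `channel_list.channels[i]` still trusts `num_channels` to fit the array. That read loop is outside this hunk, as are the start and end of iw_get_channel_list_with_cc, so whether the count is clamped when the list is filled cannot be confirmed from here. As defence in depth I would make `channel_list.num_channels > ARRAY_SIZE(channel_list.channels) ||` the first condition of the same `if`. The `REG_ALPHA2_LEN` term also assumes that `ubuf_len - 1` in the country-code loop is no larger than that constant; a one-line comment tying the two together would keep the formula from drifting out of step with the loop.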