Files
android_kernel_samsung_sm86…/umac/scan
Vinod Kumar Myadam b7987d7b29 qcacmn: Fix OOB in util_gen_new_ie
For example, if tmp_new[1] = 3, subie_len = 160,
(tmp_new + tmp_new[1] + MIN_IE_LEN) - sub_copy will be 159.
In this scenario, the while condition is true (159 <= 160).
In the if condition (159 >= 160), we do not break out of the loop.
tmp_new will get incremented; tmp_new will point at 159,
tmp_new[1] will point at 160, tmp_new[2] will point at 161.
So, we are accessing a one-byte out-of-bound value.

To fix accessing the out-of-bound value, subtract one from subie_len
in the while and if conditions to avoid this scenario.

Change-Id: I624585323963b6d79acf9ff0f96ec17e0b415c2d
CRs-Fixed: 3358833
2023-03-17 07:20:18 -07:00
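The numbers in the commit message can be replayed with a small offset-based model of the loop. This is an added example, not qcacmn code: the loop shape is reconstructed from the message only, `MIN_IE_LEN` is assumed to be 2, and the function names and sample buffer are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MIN_IE_LEN 2   /* assumed: 1-byte element ID + 1-byte length */
#define SUBIE_LEN  160 /* value used in the commit message */

/* Constructed sample: 22 IEs of 7 bytes (offsets 0..153), one IE with
 * length 3 at offset 154 (ends at 159), one stray byte at offset 159.
 * buf holds SUBIE_LEN + 1 bytes; the extra guard byte keeps the demo
 * inside its own array while it models the out-of-bound read. */
static void build_sample(uint8_t *buf)
{
    size_t off;

    memset(buf, 0, SUBIE_LEN + 1);
    for (off = 0; off < 154; off += 7) {
        buf[off] = 0xdd;      /* element ID (arbitrary) */
        buf[off + 1] = 5;     /* payload length */
    }
    buf[154] = 0xdd;
    buf[155] = 3;             /* tmp_new[1] = 3 from the message */
}

/* off plays the role of (tmp_new - sub_copy). slack = 0 models the old
 * conditions, slack = 1 the fixed ones (subie_len - 1).
 * Returns the highest index at which a length byte was read. */
static size_t highest_len_index_read(const uint8_t *buf, size_t subie_len,
                                     size_t slack)
{
    size_t limit = subie_len - slack, off = 0, highest, next;

    for (;;) {
        highest = off + 1;                     /* tmp_new[1] is read */
        next = off + buf[off + 1] + MIN_IE_LEN;
        if (next > limit)                      /* while condition false */
            break;
        if (next >= limit)                     /* if condition: break */
            break;
        off = next;                            /* tmp_new advances */
    }
    return highest;
}

int main(void)
{
    uint8_t buf[SUBIE_LEN + 1];

    build_sample(buf);
    printf("old: %zu, fixed: %zu (valid indices 0..%d)\n",
           highest_len_index_read(buf, SUBIE_LEN, 0),
           highest_len_index_read(buf, SUBIE_LEN, 1), SUBIE_LEN - 1);
    return 0;
}
```

With the old conditions the walker reads a length byte at index 160 of a 160-byte buffer; with `subie_len - 1` it stops after reading index 155.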
..