5920a4b83c
In the function __wlan_hdd_cfg80211_stats_ext_request, data_len is recieved from vendor command and is passed ultimately to send_stats_ext_req_cmd_tlv. In send_stats_ext_req_cmd_tlv, len is calculated as sum of sizeof(*cmd), WMI_TLV_HDR_SIZE, preq->request_data_len.The len is of type uint16_t and adding sizeof(*cmd) + WMI_TLV_HDR_SIZE will cause a buffer overflow. Changed the datatype of len to size_t so that it doesn't overflow. Change-Id: I6618042e3c60bbdb1ff5d833188f4bdb4832da7a CRs-Fixed: 2243169