7a048f72e3
sme_ese_send_beacon_req_scan_results sends number of bss description present in beacon report through bcn_report->numBss. For each iteration driver could send max 4 BSS. In case if driver has to send beacon report for more than 4 BSS, It sends 4 BSS per iteration. Once first four results are sent and bcn_report->numBss is not set to 0, in next iteration bcn_report->numBss++ start from 4 instead of 0. This Result in sending value more than 4 instead of 4 for next rest BSS and leads to Integer overflow for bcn_report->numBss. Driver should memset beacon_rep buffer for each iteration in order to prevent Integer overflow of bcn_report->numBss. By this driver could send fresh beacon report (independent of previous beacon report) in each iteration. Fix is to memset beacon_rep buffer to zero after sending beacon report in each iteration in sme_ese_send_beacon_req_scan_results. Change-Id: I0d07e54ec7f05e8eef388f9958fad597dc49873e CRs-Fixed: 2408834
This is CNSS WLAN Host Driver for products starting from iHelium