From ae9a7af432483fb4bbada2e993426921116bacb0 Mon Sep 17 00:00:00 2001
From: Mohit Ghuley
Date: Tue, 20 Mar 2018 16:57:34 +0530
Subject: [PATCH] [7570][7885][9610] wlbt : Fix for LLS Memory Copy Issue.
Fix for Link Layer Stats Memory Copy Issue during Response Handling of GetLinkStatsCommand.
Change-Id: Ie81e515388d57c8887e9c51bccb2127479e8dfc0
SCSC-Bug-Id:SSB-37835
Signed-off-by: Mohit Ghuley
---
 link_layer_stats.cpp | 31 ++++++++++++++++++-------------
 1 file changed, 18 insertions(+), 13 deletions(-)
diff --git a/link_layer_stats.cpp b/link_layer_stats.cpp
index 93b305c..f5185ec 100755
--- a/link_layer_stats.cpp
+++ b/link_layer_stats.cpp
@@ -205,8 +205,9 @@ protected:
 u8 *data = (u8 *)reply.get_vendor_data();
 int len = reply.get_vendor_data_len();
 int num_radios = 0, i = 0;
- num_radios = data[0];
- data += sizeof(data[0]);
+ num_radios = data[0];
+ data += sizeof(data[0]);
+
 // assuming max peers is 16
 wifi_iface_stat *iface_stat = (wifi_iface_stat *) malloc(sizeof(wifi_iface_stat) + sizeof(wifi_peer_info) * 16);
 if (!iface_stat) {
@@ -215,9 +216,9 @@ protected:
 }
 
 // max channel is 39 (14 2.4GHz and 25 5GHz)
- wifi_radio_stat *radio_stat = (wifi_radio_stat *) malloc((num_radios * sizeof(wifi_radio_stat)) + sizeof(wifi_channel_stat) * 39);
- wifi_radio_stat *radio_stat2;
- radio_stat2 = radio_stat;
+ wifi_radio_stat *radio_stat = (wifi_radio_stat *) malloc((num_radios * sizeof(wifi_radio_stat)) + sizeof(wifi_channel_stat) * 39);
+ wifi_radio_stat *radio_stat2;
+ radio_stat2 = radio_stat;
 if (!radio_stat) {
 ALOGE("Memory alloc failed for radio_stat in response handler!!!");
 free(iface_stat);
@@ -247,14 +248,18 @@ protected:
 memcpy(iface_stat->peer_info, data, sizeof(wifi_peer_info) * iface_stat->num_peers);
 data += sizeof(wifi_peer_info) * iface_stat->num_peers;
 }
- for (i = 0; i < num_radios; i++) {
- memcpy(radio_stat2, data, sizeof(*radio_stat2));
- data += sizeof(*radio_stat2);
- memcpy(radio_stat2->channels, data, sizeof(wifi_channel_stat)* radio_stat2->num_channels);
- data += sizeof(wifi_channel_stat)* radio_stat2->num_channels;
- radio_stat2=(wifi_radio_stat *) ((u8 *)radio_stat2+ sizeof(wifi_radio_stat) +
- (sizeof(wifi_channel_stat) * radio_stat2->num_channels ));
- }
+ for (i = 0; i < num_radios; i++) {
+ memcpy(radio_stat2, data, radio_data_len1);
+ data += radio_data_len1;
+ memcpy(&radio_stat2->rx_time, data, radio_data_len2);
+ data += radio_data_len2;
+ memcpy(radio_stat2->channels, data, sizeof(wifi_channel_stat)* radio_stat2->num_channels);
+ radio_stat2->num_tx_levels = 0;
+ radio_stat2->tx_time_per_levels = NULL;
+ data += sizeof(wifi_channel_stat)* radio_stat2->num_channels;
+ radio_stat2=(wifi_radio_stat *) ((u8 *)radio_stat2+ sizeof(wifi_radio_stat) +
+ (sizeof(wifi_channel_stat) * radio_stat2->num_channels ));
+ }
 iface_stat->iface = iface;
 (*mHandler.on_link_stats_results)(id, iface_stat, num_radios, radio_stat);
 free(iface_stat);
-- 
2.20.1
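Review bot: The channel copy in the new loop, `memcpy(radio_stat2->channels, data, sizeof(wifi_channel_stat)* radio_stat2->num_channels)`, takes its count from the reply payload itself, and nothing visible bounds it against the 39 `wifi_channel_stat` slots allocated for `radio_stat` or against `len`, which the first hunk reads from `reply.get_vendor_data_len()` and which no hunk shown goes on to use. A malformed or oversized reply would then make the loop read past the vendor data and write past the heap block; `num_radios`, taken from `data[0]`, drives the iteration count with the same lack of a length check. Consider tracking the payload bytes and channel slots still available across radios (new locals) and rejecting the reply before the copy, e.g. `if (radio_stat2->num_channels > channels_left || chan_bytes > bytes_left) { /* log, free both buffers, return as the alloc-failure path does */ }`. `radio_data_len1` and `radio_data_len2` are defined outside the hunks shown, so whether they stay within `sizeof(wifi_radio_stat)` could not be checked here; the enclosing handler also begins and ends outside this hunk.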