qcacld-2.0: Fix error check for insufficient buffer in AP stats collection

Replace 'scnprintf' with 'snprintf' so that the number of bytes the call
attempted to copy is known while calculating the AP stats. This is needed to
determine whether the supplied buffer was long enough. 'scnprintf' returns
only the number of characters actually written into the buffer, so it cannot
show that the output was truncated; 'snprintf' returns the number of bytes it
attempted to copy. snprintf's return value doesn't include the terminating
null byte.

Change-Id: I141d65321afb16d589800cf5ac25edbf58775676
CRs-Fixed: 997777
Chandrasekaran, Manishekar 2016-04-19 18:43:38 +05:30 committed by syphyr
parent f373db5c6e
commit 1f56f872fb


@ -4277,7 +4277,7 @@ static __iw_softap_ap_stats(struct net_device *dev,
hddLog(LOG1, "unable to allocate memory");
return -ENOMEM;
}
len = scnprintf(pstatbuf, wrqu->data.length,
len = snprintf(pstatbuf, wrqu->data.length,
"RUF=%d RMF=%d RBF=%d "
"RUB=%d RMB=%d RBB=%d "
"TUF=%d TMF=%d TBF=%d "
@ -4289,14 +4289,18 @@ static __iw_softap_ap_stats(struct net_device *dev,
(int)statBuffer.txBCFcnt, (int)statBuffer.txUCBcnt,
(int)statBuffer.txMCBcnt, (int)statBuffer.txBCBcnt);
if (len > wrqu->data.length ||
copy_to_user((void *)wrqu->data.pointer, (void *)pstatbuf, len))
{
if (len >= wrqu->data.length) {
hddLog(LOG1, "%s: Insufficient buffer:%d, %d",
__func__, wrqu->data.length, len);
kfree(pstatbuf);
return -E2BIG;
}
if (copy_to_user((void *)wrqu->data.pointer, (void *)pstatbuf, len)) {
hddLog(LOG1, "%s: failed to copy data to user buffer", __func__);
kfree(pstatbuf);
return -EFAULT;
}
wrqu->data.length -= len;
wrqu->data.length = len;
kfree(pstatbuf);
EXIT();
return 0;
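Review bot: The `copy_to_user()` call and the final `wrqu->data.length = len;` return `len` bytes to user space without the terminating NUL, since snprintf's return value excludes it. The new `len >= wrqu->data.length` check already guarantees that `len + 1` bytes fit, so if callers are expected to treat the result as a C string, copy `len + 1` and set `wrqu->data.length = len + 1;`; otherwise add a comment such as `/* length excludes the NUL; the user buffer is not NUL-terminated */`. The change from `-=` to `=` is a separate behavioural fix that the commit message does not mention and deserves a line there or in a comment. __iw_softap_ap_stats starts before these hunks, so the allocation size of `pstatbuf` and the type of `len` are not visible here; the bound and the `%d` in the new log line assume the buffer is `wrqu->data.length` bytes and `len` is an int.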