
Critical Stack Overflow in `vendor_ie_data_t` usage due to flexible array misuse

Open wzf2020 opened this issue 4 months ago • 0 comments

Environment

  • Module or chip used: [e.g. ESP32-S3]
  • IDF version: v5.4.2 (or commit hash)
  • Operating System: Linux
  • File: WiFi_TX.cpp

Problem Description

I encountered a critical crash (`Guru Meditation Error: Core 0 panic'ed (Double exception)`) when using `vendor_ie_data_t` with `memcpy` on the `payload[0]` flexible array member.

The crash is caused by stack overflow due to writing to `payload` without allocating sufficient memory. The `vendor_ie_data_t` structure uses a flexible array (`uint8_t payload[0];`):

```c
vendor_ie_data_t IE_data;                 // stack-allocated: sizeof() covers only the header, payload has zero bytes of storage
memcpy(IE_data.payload, src, len);        // ❌ Writes beyond stack-allocated struct → stack corruption
```

Suggested Fix / Improvement

`vendor_ie_data_t` must be allocated with:

```c
// header (sizeof(vendor_ie_data_t)) plus the payload bytes that follow it
total_size = sizeof(vendor_ie_data_t) + length - header_offset;
vendor_ie_data_t* IE_data = (vendor_ie_data_t*)malloc(total_size);
if (IE_data == NULL) {
    return;                                // allocation failed, nothing to send
}

IE_data->element_id = WIFI_VENDOR_IE_ELEMENT_ID;
// length counts everything after this field: OUI (3) + OUI type (1) + payload
IE_data->length = 4 + (length - header_offset);
IE_data->vendor_oui[0] = 0xFA;
IE_data->vendor_oui[1] = 0x0B;
IE_data->vendor_oui[2] = 0xBC;
IE_data->vendor_oui_type = 0x0D;

memcpy(IE_data->payload, &buffer[header_offset], length - header_offset);
if (esp_wifi_set_vendor_ie(false, WIFI_VND_IE_TYPE_BEACON, WIFI_VND_IE_ID_0, IE_data) != ESP_OK)
// ....
free(IE_data);
```

wzf2020, Aug 01 '25 03:08
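Added example, not code from the issue, from ArduRemoteID or from ESP-IDF: a bounds-checked builder for a heap-allocated vendor IE, showing why a stack-local `vendor_ie_data_t` has no payload storage and how to size the allocation. The struct below is an assumed mirror of the ESP-IDF `vendor_ie_data_t` layout so the file builds off-target (ESP-IDF spells the last member `uint8_t payload[0]`; the C99 `payload[]` form has the same `sizeof`). The OUI bytes and payload are constructed sample data; the function names `vendor_ie_build`, `vendor_ie_alloc_size`, `vendor_ie_length_for` and `vendor_ie_demo` are mine. On target the returned pointer is what you would pass to `esp_wifi_set_vendor_ie`, then `free`.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define WIFI_VENDOR_IE_ELEMENT_ID 0xDD               /* 802.11 vendor-specific element */
#define VENDOR_IE_OUI_TYPE_LEN    4                  /* 3 OUI bytes + 1 OUI-type byte */
#define VENDOR_IE_MAX_PAYLOAD     (255 - VENDOR_IE_OUI_TYPE_LEN) /* one-byte IE length field */

/* Assumed mirror of the ESP-IDF vendor_ie_data_t layout. */
typedef struct {
    uint8_t element_id;
    uint8_t length;          /* bytes after this field: OUI(3) + type(1) + payload */
    uint8_t vendor_oui[3];
    uint8_t vendor_oui_type;
    uint8_t payload[];       /* flexible array member: contributes 0 bytes to sizeof() */
} vendor_ie_data_t;

/* A stack-local instance is exactly the 6-byte header; any memcpy into
 * ->payload lands on whatever follows it on the stack. */
_Static_assert(sizeof(vendor_ie_data_t) == 6, "vendor IE header is 6 bytes");

/* Bytes to allocate for a payload of payload_len bytes (header + payload). */
size_t vendor_ie_alloc_size(size_t payload_len)
{
    return sizeof(vendor_ie_data_t) + payload_len;
}

/* Allocate and fill a vendor IE. Returns NULL when the payload would not fit
 * the one-byte 802.11 length field or when allocation fails. */
vendor_ie_data_t *vendor_ie_build(const uint8_t oui[3], uint8_t oui_type,
                                  const uint8_t *payload, size_t payload_len)
{
    if (payload_len > VENDOR_IE_MAX_PAYLOAD || (payload == NULL && payload_len > 0)) {
        return NULL;
    }
    vendor_ie_data_t *ie = calloc(1, vendor_ie_alloc_size(payload_len));
    if (ie == NULL) {
        return NULL;
    }
    ie->element_id = WIFI_VENDOR_IE_ELEMENT_ID;
    ie->length = (uint8_t)(VENDOR_IE_OUI_TYPE_LEN + payload_len);
    memcpy(ie->vendor_oui, oui, 3);
    ie->vendor_oui_type = oui_type;
    if (payload_len > 0) {
        memcpy(ie->payload, payload, payload_len);   /* now backed by heap storage */
    }
    return ie;
}

/* Build an IE with a zero-filled constructed payload of the given size and
 * return its length field, or -1 if the builder rejected the size. */
int vendor_ie_length_for(size_t payload_len)
{
    static const uint8_t oui[3] = {0xFA, 0x0B, 0xBC};      /* OUI bytes from the issue */
    static uint8_t scratch[VENDOR_IE_MAX_PAYLOAD];         /* constructed, zero-filled */
    vendor_ie_data_t *ie = vendor_ie_build(oui, 0x0D, scratch, payload_len);
    if (ie == NULL) {
        return -1;
    }
    int len = ie->length;
    free(ie);
    return len;
}

/* End-to-end check with a small constructed payload: 0 on success, -1 otherwise. */
int vendor_ie_demo(void)
{
    static const uint8_t oui[3] = {0xFA, 0x0B, 0xBC};
    const uint8_t payload[] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07}; /* constructed */
    vendor_ie_data_t *ie = vendor_ie_build(oui, 0x0D, payload, sizeof payload);
    if (ie == NULL) {
        return -1;
    }
    int ok = ie->element_id == WIFI_VENDOR_IE_ELEMENT_ID
          && ie->length == VENDOR_IE_OUI_TYPE_LEN + sizeof payload
          && memcmp(ie->payload, payload, sizeof payload) == 0;
    free(ie);
    return ok ? 0 : -1;
}
```

The size check matters beyond the stack issue: `length` is a `uint8_t`, so a payload longer than 251 bytes would be silently truncated in the header while the full copy still went into the allocation, and the driver would read an IE whose declared and actual sizes disagree.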