qcacmn: Avoid to memory access out of bounds

It uses point to 16 bits variable as 32 bits pointer when setting ta ra configurations to default. This causes memory access out of bounds. Change-Id: Ifa7adb0249cb23fdf71e53f04b92b62c1b215632 CRs-Fixed: 2677422
2020-05-02 11:07:25 +08:00
--- a/target_if/cfr/src/target_if_cfr.c
+++ b/target_if/cfr/src/target_if_cfr.c
@@ -366,14 +366,14 @@ void target_if_cfr_default_ta_ra_config(struct cfr_rcc_param *rcc_info,
 {
 	struct ta_ra_cfr_cfg *curr_cfg = NULL;
 	int grp_id;
-
+	unsigned long bitmap = reset_cfg;
 	uint8_t def_mac[QDF_MAC_ADDR_SIZE] = {0xFF, 0xFF, 0xFF,
 		0xFF, 0xFF, 0xFF};
 	uint8_t null_mac[QDF_MAC_ADDR_SIZE] = {0x00, 0x00, 0x00,
 		0x00, 0x00, 0x00};

 	for (grp_id = 0; grp_id < MAX_TA_RA_ENTRIES; grp_id++) {
-		if (qdf_test_bit(grp_id, (unsigned long *)&reset_cfg)) {
+		if (qdf_test_bit(grp_id, &bitmap)) {
 			curr_cfg = &rcc_info->curr[grp_id];
 			qdf_mem_copy(curr_cfg->tx_addr,
 				     null_mac, QDF_MAC_ADDR_SIZE);