
qcacld-3.0: Fix possible integer overflow in lim

In the function lim_process_sme_update_access_policy_vendor_ie,
update_vendor_ie is parsed from the incoming msg. num_bytes is
the length of the IE and is retrieved as
update_vendor_ie->ie[1]+2. This num_bytes value is used as the
size to copy the IE to pe_session_entry->access_policy_vendor_ie.
The update_vendor_ie->ie[1] can have a maximum value of
SIR_MAC_MAX_IE_LENGTH. As the num_bytes is of uint8_t, a
possible integer overflow can occur in
lim_process_sme_update_access_policy_vendor_ie when num_bytes is
assigned with update_vendor_ie->ie[1].

Change the data type of the num_bytes to uint16_t so that it can
hold the value of update_vendor_ie->ie[1] without truncation.

Change-Id: I05c7e83a741bf1c9c0707be51f97eae9eff1ac97
CRs-Fixed: 2235044
Pragaspathi Thilagaraj 7 years ago
parent
commit
9b7a116a9a
1 changed files with 1 additions and 1 deletions

+ 1 - 1
core/mac/src/pe/lim/lim_process_sme_req_messages.c

@@ -4466,7 +4466,7 @@ static void lim_process_sme_update_access_policy_vendor_ie(
 {
 	struct sme_update_access_policy_vendor_ie *update_vendor_ie;
 	struct sPESession *pe_session_entry;
-	uint8_t num_bytes;
+	uint16_t num_bytes;
 
 	if (!msg) {
 		pe_err("Buffer is Pointing to NULL");
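Review bot: Widening `num_bytes` from `uint8_t` to `uint16_t` at the declaration stops the truncation of `update_vendor_ie->ie[1] + 2`, but the hunk does not show the copy into `pe_session_entry->access_policy_vendor_ie` that the commit message says uses `num_bytes` as its size; since the IE length is still attacker-controlled input from the incoming msg, confirm that the copy is also bounded by the size of the destination buffer (or add that check alongside this change), otherwise the wider type only moves the problem from a wrapped length to an over-long copy. A one-line comment at the declaration noting why a 16-bit type is needed (IE length up to SIR_MAC_MAX_IE_LENGTH plus the 2-byte header) would also help future readers.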