wavecom: Fix unaligned memory access and silent stack corruption

The parameters were uint16_t and we asked the libc to make a
store of uint32_t. So 16bit were written to the wrong part of
the struct and on ARM this is causing unaligned memory access.

Use the %hx to make a uint16_t store and avoid the above issue.

GDB
 #0  0x4d4d0a20 in _IO_vfscanf () from /lib/libc.so.6
 (gdb) bt
 #0  0x4d4d0a20 in _IO_vfscanf () from /lib/libc.so.6
 #1  0x4d4d5d54 in __isoc99_vsscanf () from /lib/libc.so.6
 #2  0x4d4d5cd0 in __isoc99_sscanf () from /lib/libc.so.6
 #3  0x400a597c in ?? () from /usr/lib/gsmd/libgsmd-vendor_wavecom.so
 Cannot access memory at address 0x3

Clang:
vendor_wavecom.c:114:21: warning: format specifies type 'unsigned int *' but the argument has
      type 'u_int16_t *' (aka 'unsigned short *') [-Wformat]
                sscanf(tok, "%x", &aux->u.cell_info.ci);
                             ~~   ^~~~~~~~~~~~~~~~~~~~
                             %hx

1 files changed, 4 insertions, 4 deletions

diff --git a/src/gsmd/vendor_wavecom.c b/src/gsmd/vendor_wavecom.c
index 18253db..b1b6929 100644
--- a/src/gsmd/vendor_wavecom.c
+++ b/src/gsmd/vendor_wavecom.c
@@ -75,9 +75,9 @@ static int cced_parse(const char *buf, int len, const char *param,
 	TOK_OR_OUT(tok);
 	aux->u.cell_info.mnc = atoi(tok);
 	TOK_OR_OUT(tok);
-	sscanf(tok, "%x", &aux->u.cell_info.lac);
+	sscanf(tok, "%hx", &aux->u.cell_info.lac);
 	TOK_OR_OUT(tok);
-	sscanf(tok, "%x", &aux->u.cell_info.ci);
+	sscanf(tok, "%hx", &aux->u.cell_info.ci);
 	TOK_OR_OUT(tok);
 	aux->u.cell_info.bsic = atoi(tok);
 	TOK_OR_OUT(tok);
@@ -109,9 +109,9 @@ static int cced_parse(const char *buf, int len, const char *param,
 		TOK_OR_OUT(tok);
 		aux->u.cell_info.mnc = atoi(tok);
 		TOK_OR_OUT(tok);
-		sscanf(tok, "%x", &aux->u.cell_info.lac);
+		sscanf(tok, "%hx", &aux->u.cell_info.lac);
 		TOK_OR_OUT(tok);
-		sscanf(tok, "%x", &aux->u.cell_info.ci);
+		sscanf(tok, "%hx", &aux->u.cell_info.ci);
 		TOK_OR_OUT(tok);
 		aux->u.cell_info.bsic = atoi(tok);
 		TOK_OR_OUT(tok);