WNM: Fix deinit path to clean neighbor report count

wnm_deallocate_memory() left wnm_num_neighbor_report set while freeing
the allocated buffer of neighbor reports. If this function was called
twice in a row without having went through new neighbor report parsing,
invalid pointers could have been freed resulted in segfault.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

wpa_supplicant/wnm_sta.c

@@ -319,6 +319,7 @@ void wnm_deallocate_memory(struct wpa_supplicant *wpa_s)
 		os_free(wpa_s->wnm_neighbor_report_elements[i].mul_bssid);
 	}
 
+	wpa_s->wnm_num_neighbor_report = 0;
 	os_free(wpa_s->wnm_neighbor_report_elements);
 	wpa_s->wnm_neighbor_report_elements = NULL;
 }