sdhci: Assertion wpnum < sd->wpgrps_size failed

Hello,

Reproducer

cat << EOF | ./qemu-system-i386 -display none -machine accel=qtest -m 512m \
-nodefaults -device sdhci-pci,sd-spec-version=3 -device sd-card,drive=mydrive \
-drive if=none,index=0,file=null-co://,format=raw,id=mydrive \
-nographic -qtest stdio
outl 0xcf8 0x80001010
outl 0xcfc 0xd0690
outl 0xcf8 0x80001003
outl 0xcf8 0x80001013
outl 0xcfc 0xffffffff
outl 0xcf8 0x80001003
outl 0xcfc 0x3effe00
write 0xff0d062c 0x1 0xff
write 0xff0d060f 0x1 0xb7
write 0xff0d060a 0x1 0xc9
write 0xff0d060f 0x1 0x29
write 0xff0d060f 0x1 0xc2
write 0xff0d0628 0x1 0xf7
write 0x0 0x1 0xe3
write 0x7 0x1 0x13
write 0x8 0x1 0xe3
write 0xf 0x1 0xe3
write 0xff0d060f 0x1 0x03
write 0xff0d0605 0x1 0x01
write 0xff0d060b 0x1 0xff
write 0xff0d060c 0x1 0xff
write 0xff0d060e 0x1 0xff
write 0xff0d060f 0x1 0x06
write 0xff0d060f 0x1 0x9e
EOF

Stack-Trace

qemu-fuzz-i386: hw/sd/sd.c:824: uint32_t sd_wpbits(SDState *, uint64_t): Assertion `wpnum < sd->wpgrps_size' failed.
==11578== ERROR: libFuzzer: deadly signal
#0 0x5555582c4441 in __sanitizer_print_stack_trace (qemu-fuzz-i386+0x2d70441)
#1 0x55555820ceb8 in fuzzer::PrintStackTrace() fuzzer.o
#2 0x5555581f04b3 in fuzzer::Fuzzer::CrashCallback() fuzzer.o
#3 0x7ffff645b10f  (/lib/x86_64-linux-gnu/libpthread.so.0+0x1410f)
#4 0x7ffff6295760 in __libc_signal_restore_set
#5 0x7ffff6295760 in raise
#6 0x7ffff627f55a in abort
#7 0x7ffff627f42e in __assert_fail_base
#8 0x7ffff628e091 in __assert_fail
#9 0x5555588f1a3c in sd_wpbits hw/sd/sd.c:824:9
#10 0x5555588dd271 in sd_normal_command hw/sd/sd.c:1383:38
#11 0x5555588d777c in sd_do_command hw/sd/sd.c
#12 0x555558cb25a0 in sdbus_do_command hw/sd/core.c:100:16
#13 0x555558e02a9a in sdhci_send_command hw/sd/sdhci.c:337:12
#14 0x555558dffa46 in sdhci_write hw/sd/sdhci.c:1187:9
#15 0x5555598b9d76 in memory_region_write_accessor softmmu/memory.c:489:5

OSS-Fuzz Report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29225

libqtest Reproducer: reproducer.c

Thank you