From 78b92d2c5af2b50f1c3a5d5be9e12f55f62a28c5 Mon Sep 17 00:00:00 2001
From: Li Sha Lim <quic_lishlim@quicinc.com>
Date: Wed, 10 Jul 2024 10:23:25 -0700
Subject: [PATCH] msm: camera: isp: Fix incorrect offset validation in
 __cam_isp_ctx_dump_event_record

sizeof(struct cam_isp_context_dump_header) only accounted for once
instead of num_entries times for minimum offset needed when dumping
event record of isp context.

CRs-Fixed: 3865205
Change-Id: I6db25ba2dc4022c2582493aadc4875f9bf9ddb62
Signed-off-by: Li Sha Lim <quic_lishlim@quicinc.com>
---
 drivers/cam_isp/cam_isp_context.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/drivers/cam_isp/cam_isp_context.c b/drivers/cam_isp/cam_isp_context.c
index b5f9f6123c..d66fcf356e 100644
--- a/drivers/cam_isp/cam_isp_context.c
+++ b/drivers/cam_isp/cam_isp_context.c
@@ -286,9 +286,8 @@ static int __cam_isp_ctx_dump_event_record(
 			return -ENOSPC;
 		}
 
-		min_len = sizeof(struct cam_isp_context_dump_header) +
-			((num_entries * CAM_ISP_CTX_DUMP_EVENT_NUM_WORDS) *
-				sizeof(uint64_t));
+		min_len = (sizeof(struct cam_isp_context_dump_header) +
+			(CAM_ISP_CTX_DUMP_EVENT_NUM_WORDS * sizeof(uint64_t))) * num_entries;
 		remain_len = dump_args->buf_len - dump_args->offset;
 
 		if (remain_len < min_len) {