msm: camera: sensor: update the length checking for wait cmd

Do correct length check for cmd_buf in command
CAMERA_SENSOR_CMD_TYPE_WAIT, we need to make sure the
length of cmd_buf is effective for each generic_op_code.

CRs-Fixed: 3241357
Change-Id: I6894c98a2dcf6569c7127fde12d4c94b080dca3c
Signed-off-by: mingpan <[email protected]>

drivers/cam_sensor_module/cam_sensor_utils/cam_sensor_util.c

@@ -732,13 +732,19 @@ int cam_sensor_i2c_command_parser(
 				break;
 			}
 			case CAMERA_SENSOR_CMD_TYPE_WAIT: {
-				if ((remain_len - byte_cnt) <
-				sizeof(struct cam_cmd_unconditional_wait)) {
+				if ((((generic_op_code == CAMERA_SENSOR_WAIT_OP_HW_UCND) ||
+					(generic_op_code == CAMERA_SENSOR_WAIT_OP_SW_UCND)) &&
+					((remain_len - byte_cnt) <
+					sizeof(struct cam_cmd_unconditional_wait))) ||
+					((generic_op_code == CAMERA_SENSOR_WAIT_OP_COND) &&
+					((remain_len - byte_cnt) <
+					sizeof(struct cam_cmd_conditional_wait)))) {
 					CAM_ERR(CAM_SENSOR,
 						"Not enough buffer space");
 					rc = -EINVAL;
 					goto end;
 				}
+
 				if (generic_op_code ==
 					CAMERA_SENSOR_WAIT_OP_HW_UCND ||
 					generic_op_code ==