msm: eva: Correction in the buffer validity check

Offset of kmd_arg is expected to be in words (As we are feeding the
offset in word size from UMD lib). Whereas the validity check function
treats it as bytes which is wrong. This might lead to crash if lager offset
is feed from UMD via ioctl call.

Change-Id: I7de76cea5abe9a34d4194d041af7a3af7550d86d
Signed-off-by: Aniruddh Sharma <[email protected]>

msm/eva/msm_cvp.h

@@ -22,7 +22,7 @@ static inline bool is_buf_param_valid(u32 buf_num, u32 offset)
 	if (buf_num > max_buf_num)
 		return false;
 
-	if ((offset + buf_num * sizeof(struct cvp_buf_type)) >
+	if ((offset * sizeof(u32) + buf_num * sizeof(struct cvp_buf_type)) >
 			sizeof(struct eva_kmd_hfi_packet))
 		return false;