msm: mdss: fix possible overflow errors in panel_debug_base_reg_read

The panel_reg_buf is a dynamically allocated buffer of size reg_buf_len
so checking sizeof(panel_reg_buf) is incorrect.  Using scnprintf will
ensure that len is at most reg_buf_len - 1 after all the prints.  This
allows sanity checks to be removed which were incorrectly skipping
clock disable, resulting in an extra clock reference count.

Change-Id: Ic3bb685c7b83eefef7bc207ad93d6a2a9e36fd33
Signed-off-by: Patrick Auchter <auchter@motorola.com>
Signed-off-by: Veera Sundaram Sankaran <veeras@codeaurora.org>
(cherry picked from commit 89bede0751357bc24701b8ebfe326d3e6bb46683)

drivers/video/fbdev/msm/mdss_debug.c

@@ -244,23 +244,19 @@ static ssize_t panel_debug_base_reg_read(struct file *file,
 	mdss_dsi_panel_cmd_read(ctrl_pdata, panel_reg[0], panel_reg[1],
 				NULL, rx_buf, dbg->cnt);
 
-	len = snprintf(panel_reg_buf, reg_buf_len, "0x%02zx: ", dbg->off);
+	len = scnprintf(panel_reg_buf, reg_buf_len, "0x%02zx: ", dbg->off);
-	if (len < 0)
-		goto read_reg_fail;
 
 	for (i = 0; (len < reg_buf_len) && (i < ctrl_pdata->rx_len); i++)
 		len += scnprintf(panel_reg_buf + len, reg_buf_len - len,
 				"0x%02x ", rx_buf[i]);
 
+	if (len)
 		panel_reg_buf[len - 1] = '\n';
 
 	if (mdata->debug_inf.debug_enable_clock)
 		mdata->debug_inf.debug_enable_clock(0);
 
-	if (len < 0 || len >= sizeof(panel_reg_buf))
+	if ((count < reg_buf_len)
-		return 0;
-
-	if ((count < sizeof(panel_reg_buf))
 			|| (copy_to_user(user_buf, panel_reg_buf, len)))
 		goto read_reg_fail;