msm: camera: icp: Fixing OOB read in icp manager

					num_cmd_buf-- : 0;

				goto rel_cmd_buf;

			}

			if ((len <= cmd_desc[i].offset) ||

				(cmd_desc[i].size < cmd_desc[i].length) ||

				((len - cmd_desc[i].offset) <

				cmd_desc[i].length)) {

				CAM_ERR(CAM_ICP, "Invalid offset or length");

				goto rel_cmd_buf;

			}

			cpu_addr = cpu_addr + cmd_desc[i].offset;

		}

	}