msm: mdss: check the length of the external input buffer properly

dchdr->dlen is a short variable controlled by the user-provided data
(a string). If the value is negative, the condition does not pass
and loop continues, also increasing the value of "len". As a result
buffer overflow and overwrite occurs.

Change-Id: I5eacec446c9a8b5b82fc3bc6d1281303f336d4de
Signed-off-by: Ashish Garg <ashigarg@codeaurora.org>