Staging: dream, fix buf overflow

In vfe_send_msg_no_payload there is a wrong struct vfe_message allocation.
It allocates only sizeof(pointer to vfe_message) for a whole structure.
Add a dereference to the sizeof to allocate sizeof(vfe_message).

Signed-off-by: Jiri Slaby <jirislaby@gmail.com>
Acked-by: Pavel Machek <pavel@ucw.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

drivers/staging/dream/camera/msm_vfe8x_proc.c

@@ -818,7 +818,7 @@ static void vfe_send_msg_no_payload(enum VFE_MESSAGE_ID id)
 {
 	struct vfe_message *msg;
 
-	msg = kzalloc(sizeof(msg), GFP_ATOMIC);
+	msg = kzalloc(sizeof(*msg), GFP_ATOMIC);
 	if (!msg)
 		return;