Input: pcf8574_keypad - fix off by one in pcf8574_kp_irq_handler()

If nextstate == ARRAY_SIZE(lp->btncode), then we read one past the end of
the array on the next line.

This fixes a smatch warning:
drivers/input/misc/pcf8574_keypad.c +74 pcf8574_kp_irq_handler(8)
	error: buffer overflow 'lp->btncode' 17 <= 17

Signed-off-by: Dan Carpenter <error27@gmail.com>
Acked-by: Jean Delvare <khali@linux-fr.org>
Signed-off-by: Dmitry Torokhov <dtor@mail.ru>
diff --git a/drivers/input/misc/pcf8574_keypad.c b/drivers/input/misc/pcf8574_keypad.c
index 5c3ac4e..376e54d 100644
--- a/drivers/input/misc/pcf8574_keypad.c
+++ b/drivers/input/misc/pcf8574_keypad.c
@@ -69,7 +69,7 @@
 	unsigned char nextstate = read_state(lp);
 
 	if (lp->laststate != nextstate) {
-		int key_down = nextstate <= ARRAY_SIZE(lp->btncode);
+		int key_down = nextstate < ARRAY_SIZE(lp->btncode);
 		unsigned short keycode = key_down ?
 			lp->btncode[nextstate] : lp->btncode[lp->laststate];