msm: ais: fix off-by-one overflow in msm_isp_get_bufq

In msm_isp_get_bufq, if bufq_index == buf_mgr->num_buf_q,
it will pass the check, leading to off-by-one overflow
(exceed the length of array by one element).

Change-Id: Iccf02b68314e770ad9fae41973cad6ff7700b822
Signed-off-by: E V Ravi <evenka@codeaurora.org>

drivers/media/platform/msm/ais/isp/msm_buf_mgr.c

@@ -86,7 +86,7 @@ static struct msm_isp_bufq *msm_isp_get_bufq(
 	/* bufq_handle cannot be 0 */
 	if ((bufq_handle == 0) ||
 		bufq_index >= BUF_MGR_NUM_BUF_Q ||
-		(bufq_index > buf_mgr->num_buf_q))
+		(bufq_index >= buf_mgr->num_buf_q))
 		return NULL;
 
 	bufq = &buf_mgr->bufq[bufq_index];