Fix audioflinger in overflow sanitized builds. The loop as constructed in Track::triggerEvents potentially leads to two unsigned integer overflows on the i = 0 loop. This refactors the loop to prevent the overflow. Bug: 30969751 Test: Compiles and device boots. Change-Id: I7ac3223ab3197f5c475a4d09c99e6f05d0ddb208 Merged-In: I7ac3223ab3197f5c475a4d09c99e6f05d0ddb208

commit: cd4a011d5da12386bb74dd3a2e31367536fe3423 [log] [tgz]
author: Ivan Lozano <ivanlozano@google.com> Wed Dec 06 10:00:28 2017 -0800
committer: Ivan Lozano <ivanlozano@google.com> Tue Dec 19 16:11:26 2017 -0800
tree: 438bc108171a2b4edfe4212a11bd2113ad0a52f1
parent: 240201e27b1722009907a31983825668f2416ec2 [diff] [blame]
diff --git a/services/audioflinger/Tracks.cpp b/services/audioflinger/Tracks.cpp
index 0f25153..fe93367 100644
--- a/services/audioflinger/Tracks.cpp
+++ b/services/audioflinger/Tracks.cpp

@@ -1101,11 +1101,12 @@
 
 void AudioFlinger::PlaybackThread::Track::triggerEvents(AudioSystem::sync_event_t type)
 {
-    for (size_t i = 0; i < mSyncEvents.size(); i++) {
+    for (size_t i = 0; i < mSyncEvents.size();) {
         if (mSyncEvents[i]->type() == type) {
             mSyncEvents[i]->trigger();
             mSyncEvents.removeAt(i);
-            i--;
+        } else {
+            ++i;
         }
     }
 }
commit	cd4a011d5da12386bb74dd3a2e31367536fe3423	[log] [tgz]
author	Ivan Lozano <ivanlozano@google.com>	Wed Dec 06 10:00:28 2017 -0800
committer	Ivan Lozano <ivanlozano@google.com>	Tue Dec 19 16:11:26 2017 -0800
tree	438bc108171a2b4edfe4212a11bd2113ad0a52f1
parent	240201e27b1722009907a31983825668f2416ec2 [diff] [blame]