Fix sanitizer in surfaceflinger waitForEvent.

The loop in EventThread::waitForEvent as it is currently constructed
results in two unsigned overflows as a result of the increment/decrement
operation. This causes runtime errors on integer sanitized builds.
This patch refactors the loop to avoid these overflows.

Bug: 30969751
Test: Compiles and device boots. Runtime error no longer emitted.

Change-Id: I2eaa44c0910f19847d366210cafc947efaebfb2d

1 files changed, 3 insertions, 2 deletions

diff --git a/services/surfaceflinger/EventThread.cpp b/services/surfaceflinger/EventThread.cpp
index a9bb2ba0e1..f647742e2c 100644
--- a/services/surfaceflinger/EventThread.cpp
+++ b/services/surfaceflinger/EventThread.cpp
@@ -248,7 +248,7 @@ Vector< sp<EventThread::Connection> > EventThread::waitForEvent(
 
         // find out connections waiting for events
         size_t count = mDisplayEventConnections.size();
-        for (size_t i=0 ; i<count ; i++) {
+        for (size_t i=0 ; i<count ; ) {
             sp<Connection> connection(mDisplayEventConnections[i].promote());
             if (connection != NULL) {
                 bool added = false;
@@ -279,11 +279,12 @@ Vector< sp<EventThread::Connection> > EventThread::waitForEvent(
                     // messages.
                     signalConnections.add(connection);
                 }
+                ++i;
             } else {
                 // we couldn't promote this reference, the connection has
                 // died, so clean-up!
                 mDisplayEventConnections.removeAt(i);
-                --i; --count;
+                --count;
             }
         }