RESTRICT AUTOMERGE: aaudio: Fix converting negative FIFO counters to index

The index into the FIFO is calculated by using:

    counter % capacity

But the counter is signed and when it is negative the
modulo can have a negative result. That can cause
a negative array index and an access out of bounds.

This is not normally a problem because the counter
is 64 bits and it will not overflow until the audio
has run for a few million years. But a hacker might
be able to modify this internal counter and force
an error.

The solution involves casting to a uint64_t before doing
the modulo.

Note that there may still be a discontinuity when the
counter wraps from -1 to 0. But that will not result
in an out-of-bounds access. It may cause a noise but
an app could simply create a noise directly. So that is
not considered an exploit.

Bug: 120789744
Test: test_atomic_fifo.cpp
Change-Id: I6fe57bcb44528d29b5edb817c592e5e9a8aaf8eb
(cherry picked from commit f4f81427681d2a736fc9b783dd967bc0661cca73)
1 file changed