ADHOC/replicant-frameworks_native
3
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Binder: Don't cast directly from a pointer to binder_uintptr_t

Browse Source 
When using the 64 bit binder interface from a 32 bit process the
pointer may get sign extended and cause the kernel to fail to read
from it.

Change-Id: I90fcf53880e2aa92e230a9723f9b3f7696170e32
This commit is contained in:
Arve Hjønnevåg 2014-02-18 21:04:31 -08:00
parent 11cfdccfd3
commit 87b30d0447
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
libs/binder/IPCThreadState.cpp
View File

@ -921,7 +921,7 @@ status_t IPCThreadState::writeTransactionData(int32_t cmd, uint32_t binderFlags,
tr.flags |= TF_STATUS_CODE; tr.flags |= TF_STATUS_CODE;
*statusBuffer = err; *statusBuffer = err;
tr.data_size = sizeof(status_t); tr.data_size = sizeof(status_t);
tr.data.ptr.buffer = reinterpret_cast<binder_uintptr_t>(statusBuffer); tr.data.ptr.buffer = reinterpret_cast<uintptr_t>(statusBuffer);
tr.offsets_size = 0; tr.offsets_size = 0;
tr.data.ptr.offsets = 0; tr.data.ptr.offsets = 0;
} else { } else {