OSDN Git Service
(root)
/
android-x86
/
frameworks-native.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
11cfdcc
)
Binder: Don't cast directly from a pointer to binder_uintptr_t
author
Arve Hjønnevåg
<arve@android.com>
Wed, 19 Feb 2014 05:04:31 +0000
(21:04 -0800)
committer
Arve Hjønnevåg
<arve@android.com>
Wed, 19 Feb 2014 05:14:39 +0000
(21:14 -0800)
When using the 64 bit binder interface from a 32 bit process the
pointer may get sign extended and cause the kernel to fail to read
from it.
Change-Id: I90fcf53880e2aa92e230a9723f9b3f7696170e32
libs/binder/IPCThreadState.cpp
patch
|
blob
|
history
diff --git
a/libs/binder/IPCThreadState.cpp
b/libs/binder/IPCThreadState.cpp
index
7796309
..
65329f5
100644
(file)
--- a/
libs/binder/IPCThreadState.cpp
+++ b/
libs/binder/IPCThreadState.cpp
@@
-921,7
+921,7
@@
status_t IPCThreadState::writeTransactionData(int32_t cmd, uint32_t binderFlags,
tr.flags |= TF_STATUS_CODE;
*statusBuffer = err;
tr.data_size = sizeof(status_t);
- tr.data.ptr.buffer = reinterpret_cast<
binder_
uintptr_t>(statusBuffer);
+ tr.data.ptr.buffer = reinterpret_cast<uintptr_t>(statusBuffer);
tr.offsets_size = 0;
tr.data.ptr.offsets = 0;
} else {
OSDN Git Service
