From 87b30d0447829167b2d83f4f61f702638d937524 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Arve=20Hj=C3=B8nnev=C3=A5g?= <arve@android.com>
Date: Tue, 18 Feb 2014 21:04:31 -0800
Subject: [PATCH] Binder: Don't cast directly from a pointer to
 binder_uintptr_t

When using the 64 bit binder interface from a 32 bit process the
pointer may get sign extended and cause the kernel to fail to read
from it.

Change-Id: I90fcf53880e2aa92e230a9723f9b3f7696170e32
---
 libs/binder/IPCThreadState.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libs/binder/IPCThreadState.cpp b/libs/binder/IPCThreadState.cpp
index 7796309593..65329f5e92 100644
--- a/libs/binder/IPCThreadState.cpp
+++ b/libs/binder/IPCThreadState.cpp
@@ -921,7 +921,7 @@ status_t IPCThreadState::writeTransactionData(int32_t cmd, uint32_t binderFlags,
         tr.flags |= TF_STATUS_CODE;
         *statusBuffer = err;
         tr.data_size = sizeof(status_t);
-        tr.data.ptr.buffer = reinterpret_cast<binder_uintptr_t>(statusBuffer);
+        tr.data.ptr.buffer = reinterpret_cast<uintptr_t>(statusBuffer);
         tr.offsets_size = 0;
         tr.data.ptr.offsets = 0;
     } else {
-- 
2.11.0