Loading drivers/staging/android/binder.c +5 −4 Original line number Diff line number Diff line Loading @@ -141,6 +141,8 @@ module_param_call(stop_on_user_error, binder_set_stop_on_user_error, binder_stop_on_user_error = 2; \ } while (0) #define align_helper(ptr) ALIGN(ptr, sizeof(void *)) enum binder_stat_types { BINDER_STAT_PROC, BINDER_STAT_THREAD, Loading Loading @@ -1240,7 +1242,7 @@ static void binder_transaction_buffer_release(struct binder_proc *proc, if (buffer->target_node) binder_dec_node(buffer->target_node, 1, 0); offp = (size_t *)(buffer->data + ALIGN(buffer->data_size, sizeof(void *))); offp = (size_t *)(buffer->data + align_helper(buffer->data_size)); if (failed_at) off_end = failed_at; else Loading Loading @@ -1477,7 +1479,7 @@ static void binder_transaction(struct binder_proc *proc, if (target_node) binder_inc_node(target_node, 1, 0, NULL); offp = (size_t *)(t->buffer->data + ALIGN(tr->data_size, sizeof(void *))); offp = (size_t *)(t->buffer->data + align_helper(tr->data_size)); if (copy_from_user(t->buffer->data, tr->data.ptr.buffer, tr->data_size)) { binder_user_error("%d:%d got transaction with invalid data ptr\n", Loading Loading @@ -2396,8 +2398,7 @@ retry: tr.data.ptr.buffer = (void *)t->buffer->data + proc->user_buffer_offset; tr.data.ptr.offsets = tr.data.ptr.buffer + ALIGN(t->buffer->data_size, sizeof(void *)); align_helper(t->buffer->data_size); if (binder_copy_to_user(cmd, &tr, &ptr, sizeof(struct binder_transaction_data))) return -EFAULT; Loading Loading
drivers/staging/android/binder.c +5 −4 Original line number Diff line number Diff line Loading @@ -141,6 +141,8 @@ module_param_call(stop_on_user_error, binder_set_stop_on_user_error, binder_stop_on_user_error = 2; \ } while (0) #define align_helper(ptr) ALIGN(ptr, sizeof(void *)) enum binder_stat_types { BINDER_STAT_PROC, BINDER_STAT_THREAD, Loading Loading @@ -1240,7 +1242,7 @@ static void binder_transaction_buffer_release(struct binder_proc *proc, if (buffer->target_node) binder_dec_node(buffer->target_node, 1, 0); offp = (size_t *)(buffer->data + ALIGN(buffer->data_size, sizeof(void *))); offp = (size_t *)(buffer->data + align_helper(buffer->data_size)); if (failed_at) off_end = failed_at; else Loading Loading @@ -1477,7 +1479,7 @@ static void binder_transaction(struct binder_proc *proc, if (target_node) binder_inc_node(target_node, 1, 0, NULL); offp = (size_t *)(t->buffer->data + ALIGN(tr->data_size, sizeof(void *))); offp = (size_t *)(t->buffer->data + align_helper(tr->data_size)); if (copy_from_user(t->buffer->data, tr->data.ptr.buffer, tr->data_size)) { binder_user_error("%d:%d got transaction with invalid data ptr\n", Loading Loading @@ -2396,8 +2398,7 @@ retry: tr.data.ptr.buffer = (void *)t->buffer->data + proc->user_buffer_offset; tr.data.ptr.offsets = tr.data.ptr.buffer + ALIGN(t->buffer->data_size, sizeof(void *)); align_helper(t->buffer->data_size); if (binder_copy_to_user(cmd, &tr, &ptr, sizeof(struct binder_transaction_data))) return -EFAULT; Loading
