From fa7cf55b442ef868a70b0782d2e7a157d6a2c3fd Mon Sep 17 00:00:00 2001
From: Ksawlii
Date: Sun, 24 Nov 2024 00:23:38 +0100
Subject: [PATCH] Revert "binder: fix UAF caused by offsets overwrite"

This reverts commit 5a900b02fb3fe9bdb2ac61ba0cbdbbc7fa1b68f3.
---
 drivers/android/binder.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/drivers/android/binder.c b/drivers/android/binder.c
index 616e250ab..5c76ac061 100755
--- a/drivers/android/binder.c
+++ b/drivers/android/binder.c
@@ -3552,7 +3552,6 @@ static void binder_transaction(struct binder_proc *proc,
 */
 copy_size = object_offset - user_offset;
 if (copy_size && (user_offset > object_offset ||
- object_offset > tr->data_size ||
 binder_alloc_copy_user_to_buffer(
 &target_proc->alloc,
 t->buffer, user_offset,
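Review bot: Removing `object_offset > tr->data_size ||` leaves the copy in this condition guarded only by `user_offset > object_offset`, so `copy_size = object_offset - user_offset` is no longer checked against the transaction's declared data size before `binder_alloc_copy_user_to_buffer()` runs. The reverted commit's subject names that check as the fix for a use-after-free caused by an offsets overwrite, and the revert message gives neither a reason nor a replacement, so as far as this hunk shows the memory-safety flaw is reopened. `object_offset` is presumably derived from sender-supplied offsets, but its assignment is outside the hunk, so that should be confirmed. I would keep the line `object_offset > tr->data_size ||` in the condition; if it caused a regression on this tree, the commit message should say so and the same bound should be enforced elsewhere before the copy. The body of `binder_transaction` starts and ends outside the hunk.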