Ksawlii/kernel_samsung_a53x
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Revert "binder: fix UAF caused by offsets overwrite"

Browse source 
This reverts commit 5a900b02fb.
This commit is contained in:
Ksawlii 2024-11-24 00:23:38 +01:00
parent 62198fea21
commit fa7cf55b44
1 changed files with 0 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
drivers/android/binder.c
View file

@ -3552,7 +3552,6 @@ static void binder_transaction(struct binder_proc *proc,
*/ */
copy_size = object_offset - user_offset; copy_size = object_offset - user_offset;
if (copy_size && (user_offset > object_offset || if (copy_size && (user_offset > object_offset ||
object_offset > tr->data_size ||
binder_alloc_copy_user_to_buffer( binder_alloc_copy_user_to_buffer(
&target_proc->alloc, &target_proc->alloc,
t->buffer, user_offset, t->buffer, user_offset,