Description: binder: fix incorrect calculation for num_valid
References:
 https://source.android.com/security/bulletin/2020-03-01
Notes:
 carnil> Commit fixes bde4a19fc04f ("binder: use userspace pointer as
 carnil> base of buffer space") in 5.1-rc1 so might indeed not affect
 carnil> earlier releases.
Bugs:
upstream: released (5.5-rc2) [16981742717b04644a41052570fb502682a315d2]
4.19-upstream-stable: N/A "Vulnerability introduced later"
4.9-upstream-stable: N/A "Vulnerability introduced later"
3.16-upstream-stable: N/A "Vulnerability introduced later"
sid: released (5.4.6-1)
4.19-buster-security: N/A "Vulnerability introduced later"
4.9-stretch-security: N/A "Vulnerability introduced later"
3.16-jessie-security: N/A "Vulnerability introduced later"