On Sun, Dec 06, 2020 at 05:14:18PM +0000, Michael Kelley wrote:
> From: Andrea Parri (Microsoft) <parri.andrea@xxxxxxxxx> Sent: Wednesday, November 18, 2020 6:37 AM
> >
> > vmbus_on_msg_dpc() double fetches from payload_size.  The double fetch
> > can lead to a buffer overflow when (mem)copying the hv_message object.
> > Avoid the double fetch by saving the value of payload_size into a local
> > variable.
>
> Similar comment here about providing some brief context in the commit
> message on the problem that we are guarding against by removing the
> double fetch.

Will expand.

> I could see combining this patch with the previous one since the
> motivation and pattern of the changes are exactly the same, just for
> two different fields.

Will consider this suggestion for v3.  Please see v2 for a related
discussion.

Andrea
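
The double-fetch pattern named in the quoted commit message, as an added illustration that is not part of the original message or of the kernel patch. The names shared_msg, fetch_size, run and PAYLOAD_MAX (with its value 240) are assumptions of this sketch, and fetch_size is a constructed simulation of the other side rewriting payload_size after the first read.

```c
#include <stdint.h>
#include <string.h>
#define PAYLOAD_MAX 240 /* assumed bound for this sketch */

/* Simplified stand-in for a message in memory the other side can rewrite. */
struct shared_msg {
    volatile uint8_t payload_size;
    uint8_t payload[255];
};

/* Constructed simulation: after the first read, the "host" writes next_size. */
static uint8_t next_size;
static int fetches;
static uint8_t fetch_size(struct shared_msg *m)
{
    uint8_t v = m->payload_size;
    if (++fetches == 1)
        m->payload_size = next_size;
    return v;
}

/* Before: check and use are two fetches. Returns the memcpy length, -1 if rejected. */
static int len_double_fetch(struct shared_msg *m)
{
    if (fetch_size(m) > PAYLOAD_MAX)
        return -1;
    return fetch_size(m); /* may no longer satisfy the check above */
}

/* After: one fetch into a local; check and copy use the same value. */
static int copy_single_fetch(struct shared_msg *m, uint8_t *dst, size_t cap)
{
    uint8_t size = fetch_size(m);
    if (size > PAYLOAD_MAX || size > cap)
        return -1;
    memcpy(dst, m->payload, size);
    return size;
}

/* Run one scenario: field holds `first`, host then writes `second`. */
static int run(int hardened, uint8_t first, uint8_t second)
{
    struct shared_msg m = { .payload_size = first };
    uint8_t dst[PAYLOAD_MAX];
    fetches = 0;
    next_size = second;
    return hardened ? copy_single_fetch(&m, dst, sizeof dst) : len_double_fetch(&m);
}

int main(void) { return run(1, 16, 255) == 16 ? 0 : 1; }
```

The "before" function only reports the length it would pass to memcpy, so the sketch never performs an out-of-bounds copy itself.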