Epoll: Use correct value to initialize mmsghdr.msg_namelen by normanmaurer · Pull Request #16460 · netty/netty

normanmaurer · 2026-03-13T13:00:24Z

Motivation:

We did use the incorrect value for the msg_namelen and so could in theory result in an overflow if the kernel really use this value for the last element.

Modifications:

Use correct value

Result:

No risk of overflow during recvmmsg

Motivation: We did use the incorrect value for the msg_namelen and so could in theory result in an overflow if the kernel really use this value for the last element. Modifications: Use correct value Result: No risk of overflow during recvmmsg

chrisvest · 2026-03-13T19:23:08Z

@@ -628,7 +628,7 @@ static jint netty_epoll_native_recvmmsg0(JNIEnv* env, jclass clazz, jint fd, jbo
        msg[i].msg_hdr.msg_iovlen = (*env)->GetIntField(env, packet, packetCountFieldId);

        msg[i].msg_hdr.msg_name = addr + i;


Suggested change

msg[i].msg_hdr.msg_name = addr + i;

msg[i].msg_hdr.msg_name = &addr[i];

Spotted this, where it looks like we're trying to get the pointer to each addr element, but do so incorrectly and instead get a byte-offset from the addr VLA.

Apparently in C, addition is type-specific so add + i will indeed reference the ith element, but I still think we should change it because it's kind of a wild concept and looks weird.

yeah this just works as expected ... welcome to C :D We can do this as a follow as its not related to this PR.

chrisvest · 2026-03-13T19:24:34Z

+        msg[i].msg_hdr.msg_namelen = (socklen_t) storageSize;

        if (cntrlbuf != NULL) {
            msg[i].msg_hdr.msg_control =  cntrlbuf + i * storageSize;


Could use the more idiomatic pattern here as well, but I think this code is otherwise correct as is.

Motivation: We did use the incorrect value for the msg_namelen and so could in theory result in an overflow if the kernel really use this value for the last element. Modifications: Use correct value Result: No risk of overflow during recvmmsg (cherry picked from commit 29a5efc)

netty-project-bot · 2026-03-14T14:10:36Z

Auto-port PR for 5.0: #16466

Motivation: We did use the incorrect value for the msg_namelen and so could in theory result in an overflow if the kernel really use this value for the last element. Modifications: Use correct value Result: No risk of overflow during recvmmsg (cherry picked from commit 29a5efc)

netty-project-bot · 2026-03-14T14:10:46Z

Auto-port PR for 4.1: #16467

…elen (#16467) Auto-port of #16460 to 4.1 Cherry-picked commit: 29a5efc --- Motivation: We did use the incorrect value for the msg_namelen and so could in theory result in an overflow if the kernel really use this value for the last element. Modifications: Use correct value Result: No risk of overflow during recvmmsg Co-authored-by: Norman Maurer <[email protected]>

…elen (#16466) Auto-port of #16460 to 5.0 Cherry-picked commit: 29a5efc --- Motivation: We did use the incorrect value for the msg_namelen and so could in theory result in an overflow if the kernel really use this value for the last element. Modifications: Use correct value Result: No risk of overflow during recvmmsg Co-authored-by: Norman Maurer <[email protected]>

normanmaurer added this to the 4.2.11.Final milestone Mar 13, 2026

normanmaurer added needs-cherry-pick-4.1 This PR should be cherry-picked to 4.1 once merged. needs-cherry-pick-5.0 This PR should be cherry-picked to 5.0 once merged. labels Mar 13, 2026

chrisvest reviewed Mar 13, 2026

View reviewed changes

normanmaurer merged commit 29a5efc into 4.2 Mar 14, 2026
24 checks passed

normanmaurer deleted the recvmmsg_msg_namelen branch March 14, 2026 14:10

github-actions Bot removed the needs-cherry-pick-5.0 This PR should be cherry-picked to 5.0 once merged. label Mar 14, 2026

netty-project-bot mentioned this pull request Mar 14, 2026

Auto-port 5.0: Epoll: Use correct value to initialize mmsghdr.msg_namelen #16466

Merged

github-actions Bot removed the needs-cherry-pick-4.1 This PR should be cherry-picked to 4.1 once merged. label Mar 14, 2026

netty-project-bot mentioned this pull request Mar 14, 2026

Auto-port 4.1: Epoll: Use correct value to initialize mmsghdr.msg_namelen #16467

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Epoll: Use correct value to initialize mmsghdr.msg_namelen#16460

Epoll: Use correct value to initialize mmsghdr.msg_namelen#16460
normanmaurer merged 1 commit into
4.2from
recvmmsg_msg_namelen

normanmaurer commented Mar 13, 2026

Uh oh!

chrisvest Mar 13, 2026

Uh oh!

chrisvest Mar 14, 2026

Uh oh!

normanmaurer Mar 14, 2026

Uh oh!

chrisvest Mar 13, 2026

Uh oh!

Uh oh!

netty-project-bot commented Mar 14, 2026

Uh oh!

netty-project-bot commented Mar 14, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

		@@ -628,7 +628,7 @@ static jint netty_epoll_native_recvmmsg0(JNIEnv* env, jclass clazz, jint fd, jbo
		msg[i].msg_hdr.msg_iovlen = (*env)->GetIntField(env, packet, packetCountFieldId);

		msg[i].msg_hdr.msg_name = addr + i;

	msg[i].msg_hdr.msg_name = addr + i;
	msg[i].msg_hdr.msg_name = &addr[i];

Uh oh!

Conversation

normanmaurer commented Mar 13, 2026

Uh oh!

chrisvest Mar 13, 2026

Choose a reason for hiding this comment

Uh oh!

chrisvest Mar 14, 2026

Choose a reason for hiding this comment

Uh oh!

normanmaurer Mar 14, 2026

Choose a reason for hiding this comment

Uh oh!

chrisvest Mar 13, 2026

Choose a reason for hiding this comment

Uh oh!

Uh oh!

netty-project-bot commented Mar 14, 2026

Uh oh!

netty-project-bot commented Mar 14, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants