While the top of ares_parse_srv_reply() checks the srv_out and nsrvreply
arguments to make sure they are non-NULL before using them, the bottom of
the function does not:

  ares_parse_srv_reply(const unsigned char *abuf, int alen,
                       struct srv_reply **srv_out, int *nsrvreply)
  {
    // ... snip ... Near top, line ~66
    /* Set *srv_out to NULL for all failure cases. */
    if (srv_out)
      *srv_out = NULL;
    /* Same with *nsrvreply. */
    if (nsrvreply)
      *nsrvreply = 0;
    // ... snip ... Near bottom, line ~165
    /* everything looks fine, return the data */
    *srv_out = srv;
    *nsrvreply = ancount;
    // ... snip ...
  }

Those bottom lines should probably be:

    /* everything looks fine, return the data */
    if(srv_out) *srv_out = srv;
    if(nsrvreply) *nsrvreply = ancount;

Received on 2009-10-23
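
An added example, not part of the original post and not c-ares code: a small parser whose two output pointers are optional, guarded on the success path the same way as at the top. It goes one step beyond the post by freeing the result when the caller passes no pointer to receive it, so the guarded assignment does not become a leak. The names parse_records, struct rec and the PARSE_* codes, and the one-byte-count wire format, are hypothetical.

```c
#include <stdlib.h>

/* Hypothetical record type and status codes for this example only. */
struct rec { unsigned short port; };
enum { PARSE_OK = 0, PARSE_EBADRESP = 1, PARSE_ENOMEM = 2 };

/* Constructed format: buf[0] = record count, followed by that many
 * 2-byte big-endian ports. Both out and nout may be NULL. */
int parse_records(const unsigned char *buf, int len,
                  struct rec **out, int *nout)
{
    struct rec *recs;
    int i, count;

    /* Set the outputs to known values for all failure cases. */
    if (out)
        *out = NULL;
    if (nout)
        *nout = 0;

    if (!buf || len < 1)
        return PARSE_EBADRESP;
    count = buf[0];
    if (count == 0 || len < 1 + 2 * count)
        return PARSE_EBADRESP;

    recs = malloc((size_t)count * sizeof(*recs));
    if (!recs)
        return PARSE_ENOMEM;
    for (i = 0; i < count; i++)
        recs[i].port = (unsigned short)((buf[1 + 2 * i] << 8) | buf[2 + 2 * i]);

    /* Success path: apply the same NULL guards as at the top. */
    if (nout)
        *nout = count;
    if (out)
        *out = recs;   /* caller takes ownership */
    else
        free(recs);    /* no one to hand it to: free rather than leak */

    return PARSE_OK;
}
```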