Merge branch 'bugfix/mdns_fuzzer_crashes' into 'master'

mdns: Fix null dereferences reported by fuzzer tests

See merge request espressif/esp-idf!14153

components/mdns/mdns.c

@@ -3171,9 +3171,9 @@ void mdns_parse_packet(mdns_rx_packet_t * packet)
                     if (discovery) {
                         service = _mdns_get_service_item(name->service, name->proto, NULL);
                         _mdns_remove_parsed_question(parsed_packet, MDNS_TYPE_SDPTR, service);
-                    } else if (parsed_packet->questions && !parsed_packet->probe) {
+                    } else if (service && parsed_packet->questions && !parsed_packet->probe) {
                         _mdns_remove_parsed_question(parsed_packet, type, service);
-                    } else {
+                    } else if (service) {
                         //check if TTL is more than half of the full TTL value (4500)
                         if (ttl > 2250) {
                             _mdns_remove_scheduled_answer(packet->tcpip_if, packet->ip_protocol, type, service);
@@ -3262,7 +3262,7 @@ void mdns_parse_packet(mdns_rx_packet_t * packet)
                                     }
                                     _mdns_restart_all_pcbs();
                                 }
-                            } else {
+                            } else if (service) {
                                 _mdns_pcb_send_bye(packet->tcpip_if, packet->ip_protocol, &service, 1, false);
                                 _mdns_init_pcb_probe(packet->tcpip_if, packet->ip_protocol, &service, 1, false);
                             }

components/mdns/test_afl_fuzz_host/test.c

@@ -205,6 +205,7 @@ int main(int argc, char** argv)
         // Note: parameter1 is a file (mangled packet) which caused the crash
         file = fopen(argv[1], "r");
         assert(file >= 0 );
+        len = fread(buf, 1, 1460, file);
         fclose(file);
     }