From dae803335e6bc6d9751a360cd3f675ce4027853b Mon Sep 17 00:00:00 2001
From: David Cermak
Date: Fri, 25 Jun 2021 08:33:38 +0200
Subject: [PATCH 1/2] mdns/fuzzer: Fix non-instrumentation test to reproduce fuzzer issues

Regression from 7d76245173 skipped reading the packet causing issues when locally reproducing crashed found by the fuzzer
---
 components/mdns/test_afl_fuzz_host/test.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/components/mdns/test_afl_fuzz_host/test.c b/components/mdns/test_afl_fuzz_host/test.c
index 776a089cd9..58b304e922 100644
--- a/components/mdns/test_afl_fuzz_host/test.c
+++ b/components/mdns/test_afl_fuzz_host/test.c
@@ -205,6 +205,7 @@ int main(int argc, char** argv)
 // Note: parameter1 is a file (mangled packet) which caused the crash
 file = fopen(argv[1], "r");
 assert(file >= 0 );
+ len = fread(buf, 1, 1460, file);
 fclose(file);
 }
 
From 4a2e72677c6fb7681a7e2acd1a878d3deb114079 Mon Sep 17 00:00:00 2001
From: David Cermak
Date: Fri, 25 Jun 2021 08:34:39 +0200
Subject: [PATCH 2/2] mdns: Fix crashes reported by the fuzzer tests

---
 components/mdns/mdns.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/components/mdns/mdns.c b/components/mdns/mdns.c
index 4ff5ae8f73..add474425e 100644
--- a/components/mdns/mdns.c
+++ b/components/mdns/mdns.c
@@ -3171,9 +3171,9 @@ void mdns_parse_packet(mdns_rx_packet_t * packet)
 if (discovery) {
 service = _mdns_get_service_item(name->service, name->proto, NULL);
 _mdns_remove_parsed_question(parsed_packet, MDNS_TYPE_SDPTR, service);
- } else if (parsed_packet->questions && !parsed_packet->probe) {
+ } else if (service && parsed_packet->questions && !parsed_packet->probe) {
 _mdns_remove_parsed_question(parsed_packet, type, service);
- } else {
+ } else if (service) {
 //check if TTL is more than half of the full TTL value (4500)
 if (ttl > 2250) {
 _mdns_remove_scheduled_answer(packet->tcpip_if, packet->ip_protocol, type, service);
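Review bot: The added `fread()` can run on a NULL stream, because the `assert(file >= 0 )` above it compares a `FILE *` against an integer and does not reject a NULL return from `fopen()`; it should read `assert(file != NULL);`. The literal 1460 and the `len` result are taken on trust: if `buf` is declared as a fixed-size array, `sizeof buf` keeps the read bounded if the buffer is ever resized, and a check such as `assert(len > 0);` would make a truncated or unreadable reproduction file visible instead of being parsed as an empty packet. The file holds a raw packet, so opening it with `"rb"` avoids newline translation on platforms that perform it. `main()` starts and ends outside this hunk, so the declarations of `buf` and `len` are not visible here.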
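Review bot: The discovery branch at the top of the hunk still hands `service` straight from `_mdns_get_service_item()` to `_mdns_remove_parsed_question()` with no NULL check, while the two branches below it now require `service` to be non-NULL before calling the same function; unless that callee tolerates NULL, the same kind of crash stays reachable through the discovery path. Either guard it the same way, `if (service) { _mdns_remove_parsed_question(parsed_packet, MDNS_TYPE_SDPTR, service); }`, or add a comment on that line stating that `_mdns_remove_parsed_question()` accepts a NULL service. The new guards also change behaviour silently: a record whose service lookup yielded NULL now falls through every branch without a trace, which deserves a one-line comment on the first new `else if`, such as `// service is NULL when no local service matches the record; nothing to answer or schedule`. `mdns_parse_packet()` continues on both sides of the hunk, so where `service` is assigned for the non-discovery case is not visible here.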
@@ -3262,7 +3262,7 @@ void mdns_parse_packet(mdns_rx_packet_t * packet)
 }
 _mdns_restart_all_pcbs();
 }
- } else {
+ } else if (service) {
 _mdns_pcb_send_bye(packet->tcpip_if, packet->ip_protocol, &service, 1, false);
 _mdns_init_pcb_probe(packet->tcpip_if, packet->ip_protocol, &service, 1, false);
 }
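Review bot: This is the third `else if (service)` guard added to `mdns_parse_packet()` in this commit and none of them says what a NULL `service` means at this point or why skipping the `_mdns_pcb_send_bye()` / `_mdns_init_pcb_probe()` pair is the intended response rather than an oversight; a short comment on the new line, `// no matching local service: nothing to withdraw or re-probe`, would record the intent. The guard turns what was an unconditional `else` into a silent no-op, so a reader checking this branch cannot tell from the code whether the skipped case was considered or merely papered over for the fuzzer. The surrounding `if`/`else` chain opens above the hunk and `mdns_parse_packet()` ends below it.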