c-ares
diff --git a/‎ares_parse_a_reply.c‎
Lines changed: 6 additions & 2 deletions b/‎ares_parse_a_reply.c‎
Lines changed: 6 additions & 2 deletions
diff --git a/‎ares_parse_aaaa_reply.c‎
Lines changed: 7 additions & 2 deletions b/‎ares_parse_aaaa_reply.c‎
Lines changed: 7 additions & 2 deletions
diff --git a/‎test/fuzzcheck.sh‎
Lines changed: 1 addition & 0 deletions b/‎test/fuzzcheck.sh‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎test/fuzzinput/clusterfuzz-5650695891451904‎
32 Bytes b/‎test/fuzzinput/clusterfuzz-5650695891451904‎
32 Bytes
diff --git a/‎test/fuzzinput/clusterfuzz-5651369832218624‎
242 Bytes b/‎test/fuzzinput/clusterfuzz-5651369832218624‎
242 Bytes
diff --git a/‎test/fuzzinput/clusterfuzz-5674462260756480‎
1.64 KB b/‎test/fuzzinput/clusterfuzz-5674462260756480‎
1.64 KB
diff --git a/‎test/fuzzinput/clusterfuzz-5680630672654336‎
1.92 KB b/‎test/fuzzinput/clusterfuzz-5680630672654336‎
1.92 KB
diff --git a/‎test/fuzzinput/clusterfuzz-5683497160671232‎
51.3 KB b/‎test/fuzzinput/clusterfuzz-5683497160671232‎
51.3 KB
diff --git a/‎test/fuzzinput/clusterfuzz-5687310655422464‎
789 Bytes b/‎test/fuzzinput/clusterfuzz-5687310655422464‎
789 Bytes
diff --git a/‎test/fuzzinput/clusterfuzz-5695341573177344‎
44 Bytes b/‎test/fuzzinput/clusterfuzz-5695341573177344‎
44 Bytes
@@ -71,7 +71,7 @@ int ares_parse_a_reply(const unsigned char *abuf, int alen,
 
       if (naddrttls)
         {
-          *naddrttls = naddrs;
+          *naddrttls = 0;
         }
 
       return status;
@@ -162,7 +162,7 @@ int ares_parse_a_reply(const unsigned char *abuf, int alen,
               memcpy(hostent->h_addr_list[i],
                      &(((struct sockaddr_in *)next->ai_addr)->sin_addr),
                      sizeof(struct in_addr));
-              if (naddrttls)
+              if (naddrttls && i < *naddrttls)
                 {
                   if (next->ai_ttl > cname_ttl)
                     addrttls[i].ttl = cname_ttl;
@@ -177,6 +177,10 @@ int ares_parse_a_reply(const unsigned char *abuf, int alen,
             }
           next = next->ai_next;
         }
+      if (i == 0)
+        {
+          ares_free(addrs);
+        }
     }
 
   if (host)
 
@@ -73,7 +73,7 @@ int ares_parse_aaaa_reply(const unsigned char *abuf, int alen,
 
       if (naddrttls)
         {
-          *naddrttls = naddrs;
+          *naddrttls = 0;
         }
 
       return status;
@@ -164,7 +164,7 @@ int ares_parse_aaaa_reply(const unsigned char *abuf, int alen,
               memcpy(hostent->h_addr_list[i],
                      &(((struct sockaddr_in6 *)next->ai_addr)->sin6_addr),
                      sizeof(struct ares_in6_addr));
-              if (naddrttls)
+              if (naddrttls && i < *naddrttls)
                 {
                     if(next->ai_ttl > cname_ttl)
                       addrttls[i].ttl = cname_ttl;
@@ -179,6 +179,11 @@ int ares_parse_aaaa_reply(const unsigned char *abuf, int alen,
             }
           next = next->ai_next;
         }
+
+      if (i == 0)
+        {
+          ares_free(addrs);
+        }
     }
 
   if (host)
 
@@ -1,4 +1,5 @@
 #!/bin/sh
+set -e
 # Check that all of the base fuzzing corpus parse without errors
 ./aresfuzz fuzzinput/*
 ./aresfuzzname fuzznames/*
Original file line number	Diff line number	Diff line change
`@@ -71,7 +71,7 @@ int ares_parse_a_reply(const unsigned char *abuf, int alen,`
`71`	`71`
`72`	`72`	`if (naddrttls)`
`73`	`73`	`{`
`74`		`- *naddrttls = naddrs;`
	`74`	`+ *naddrttls = 0;`
`75`	`75`	`}`
`76`	`76`
`77`	`77`	`return status;`
`@@ -162,7 +162,7 @@ int ares_parse_a_reply(const unsigned char *abuf, int alen,`
`162`	`162`	`memcpy(hostent->h_addr_list[i],`
`163`	`163`	`&(((struct sockaddr_in *)next->ai_addr)->sin_addr),`
`164`	`164`	`sizeof(struct in_addr));`
`165`		`- if (naddrttls)`
	`165`	`+ if (naddrttls && i < *naddrttls)`
`166`	`166`	`{`
`167`	`167`	`if (next->ai_ttl > cname_ttl)`
`168`	`168`	`addrttls[i].ttl = cname_ttl;`
`@@ -177,6 +177,10 @@ int ares_parse_a_reply(const unsigned char *abuf, int alen,`
`177`	`177`	`}`
`178`	`178`	`next = next->ai_next;`
`179`	`179`	`}`
	`180`	`+ if (i == 0)`
	`181`	`+ {`
	`182`	`+ ares_free(addrs);`
	`183`	`+ }`
`180`	`184`	`}`
`181`	`185`
`182`	`186`	`if (host)`
Original file line number	Diff line number	Diff line change
`@@ -73,7 +73,7 @@ int ares_parse_aaaa_reply(const unsigned char *abuf, int alen,`
`73`	`73`
`74`	`74`	`if (naddrttls)`
`75`	`75`	`{`
`76`		`- *naddrttls = naddrs;`
	`76`	`+ *naddrttls = 0;`
`77`	`77`	`}`
`78`	`78`
`79`	`79`	`return status;`
`@@ -164,7 +164,7 @@ int ares_parse_aaaa_reply(const unsigned char *abuf, int alen,`
`164`	`164`	`memcpy(hostent->h_addr_list[i],`
`165`	`165`	`&(((struct sockaddr_in6 *)next->ai_addr)->sin6_addr),`
`166`	`166`	`sizeof(struct ares_in6_addr));`
`167`		`- if (naddrttls)`
	`167`	`+ if (naddrttls && i < *naddrttls)`
`168`	`168`	`{`
`169`	`169`	`if(next->ai_ttl > cname_ttl)`
`170`	`170`	`addrttls[i].ttl = cname_ttl;`
`@@ -179,6 +179,11 @@ int ares_parse_aaaa_reply(const unsigned char *abuf, int alen,`
`179`	`179`	`}`
`180`	`180`	`next = next->ai_next;`
`181`	`181`	`}`
	`182`	`+`
	`183`	`+ if (i == 0)`
	`184`	`+ {`
	`185`	`+ ares_free(addrs);`
	`186`	`+ }`
`182`	`187`	`}`
`183`	`188`
`184`	`189`	`if (host)`