From 2ac83d0f27c5d11f69f93fda570b1470b25395ec Mon Sep 17 00:00:00 2001
From: David Cermak <cermak@espressif.com>
Date: Fri, 25 Jan 2019 17:19:13 +0100
Subject: [PATCH] mdns: fixed crash on free undefined ptr after skipped strdup

Shortcircuit evaluation may cause skip of _mdns_strdup_check of any further question field, which after clear_rx_packet freed undefined memory.
Fixes https://ezredmine.espressif.cn:8765/issues/28465


* Original commit: espressif/esp-idf@e0a8044a16907e642001b883469618a999dbe6db
---
 components/mdns/mdns.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/components/mdns/mdns.c b/components/mdns/mdns.c
index 742c47aee..c77c9443f 100644
--- a/components/mdns/mdns.c
+++ b/components/mdns/mdns.c
@@ -2590,7 +2590,7 @@ void mdns_parse_packet(mdns_rx_packet_t * packet)
                 parsed_packet->discovery = true;
                 mdns_srv_item_t * a = _mdns_server->services;
                 while (a) {
-                    mdns_parsed_question_t * question = (mdns_parsed_question_t *)malloc(sizeof(mdns_parsed_question_t));
+                    mdns_parsed_question_t * question = (mdns_parsed_question_t *)calloc(1, sizeof(mdns_parsed_question_t));
                     if (!question) {
                         HOOK_MALLOC_FAILED;
                         goto clear_rx_packet;
@@ -2618,7 +2618,7 @@ void mdns_parse_packet(mdns_rx_packet_t * packet)
                 parsed_packet->probe = true;
             }
 
-            mdns_parsed_question_t * question = (mdns_parsed_question_t *)malloc(sizeof(mdns_parsed_question_t));
+            mdns_parsed_question_t * question = (mdns_parsed_question_t *)calloc(1, sizeof(mdns_parsed_question_t));
             if (!question) {
                 HOOK_MALLOC_FAILED;
                 goto clear_rx_packet;