85296ce6cc
Apart from advancing the buffer by RR_TYPE_LENGTH, RR_CLASS_LENGTH, and RR_TTL_LENGTH the code also attempts to read a two byte unsigned integer using _get_short(bufpos): unsigned addrlen = ntohs(_get_short(bufpos)); The bounds check must therefore ensure that the given buffer is large enough to contain two more bytes after advancing the buffer.