[Dnsmasq-discuss] Bug: Null pointer dereference in domain-match.c at line 82 (dnsmasq 2.92test21-1-gee09f06)

Simon Kelley simon at thekelleys.org.uk
Mon Mar 16 15:38:50 UTC 2026


https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=c8168e888eb42870e10e6d9d96609d4c3cf2e06d

Fixes this.

A NULL pointer is only ever passed when the array size is zero, and real 
world qsort() implementations seem to behave in a sensible manner under 
those conditions, so this isn't a problem that's going to inconvenience 
anyone. Good to get it right anyway.


Thanks for the report.


Simon.

On 09.03.2026 13:24, fuyulai2024 wrote:
> ## Description
> 
> ```
> dnsmasq attempts to pass a null pointer (NULL) to a function in the domain-match.c file at line 82,
> while the function's parameter is declared as nonnull (i.e., it must not be NULL).
> As declared in the function's parameter attributes in C, the function expects to receive a non-null pointer.
> However, dnsmasq passes a null pointer during the function call, which may lead to a program crash.
> ```
> 
> ## Running Environment
> 
> ```
> Distributor ID: Ubuntu
> Description: Ubuntu 20.04.6 LTS
> Release: 20.04
> Codename: focal
> ```
> 
> ## Protocol Implementation Version
> 
> ```
> root at cbf1f9c04f26:~/dnsmasq/src# git log --oneline
> ee09f06 (HEAD -> master, origin/master, origin/HEAD) Optimise tftp.
> 1e83316 (tag: v2.92test21) Formatting.
> 9a566c0 Tweak recently altered TFTP code.
> ```
> 
> ## Build
> 
> ```
> export CC=afl-clang-fast
> export CXX=afl-clang-fast++
> make COPTS="-g -fsanitize=address,undefined -fno-omit-frame-pointer" LDFLAGS="-fsanitize=address,undefined"
> ```
> 
> ## Logs
> 
> ```
> root at cbf1f9c04f26:~/dnsmasq/src# ./dnsmasq -p 5353 -d -C /root/dnsmasq/dnsmasq.conf -8 /var/log/dnsmasq/dnsmasq.log
> pc_guard: [INIT] bitmap has been allocted from addr 8696316 to 8914568 [ 54563 bits - ratio: 100%]
> lucky: [INIT] bitmap has been allocted from idx 1 to 54563
> lucky: [INIT]inital edge cnt: 2119
> Shared Memory: /dev/shm/cov_bitmap_dns
> dnsmasq: started, version 2.92test21-1-gee09f06 cachesize 150
> dnsmasq: compile time options: IPv6 GNU-getopt no-DBus no-UBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ipset no-nftset auth no-DNSSEC loop-detect inotify dumpfile
> domain-match.c:82:9: runtime error: null pointer passed as argument 1, which is declared to never be null
> /usr/include/stdlib.h:831:30: note: nonnull attribute specified here
> SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior domain-match.c:82:9 in
> dnsmasq: reading /etc/resolv.conf
> dnsmasq: using nameserver 192.168.65.7#53
> dnsmasq: read /etc/hosts - 9 names
> ```
> 
> _______________________________________________
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss at lists.thekelleys.org.uk
> https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
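
Added example, not part of the thread and not the code from the dnsmasq commit linked above: one way to keep a lazily allocated array from reaching qsort() as a NULL pointer when it has zero elements. The struct, function names and sample domain names are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in (hypothetical names): a table allocated on first
   use, so with no entries items is still NULL and count is 0. */
struct name_table {
  const char **items;
  size_t count;
};

static int cmp_names(const void *a, const void *b)
{
  return strcmp(*(const char *const *)a, *(const char *const *)b);
}

/* Append one name; returns 0 on success, -1 if realloc() fails. */
int add_name(struct name_table *t, const char *name)
{
  const char **grown = realloc(t->items, (t->count + 1) * sizeof(*t->items));
  if (grown == NULL)
    return -1;
  grown[t->count++] = name;
  t->items = grown;
  return 0;
}

/* The UBSan report flags argument 1 of the call as declared nonnull in
   stdlib.h, so the empty case returns before qsort() is reached.
   Returns the number of elements handed to qsort(). */
size_t sort_names(struct name_table *t)
{
  if (t->items == NULL || t->count == 0)
    return 0;
  qsort(t->items, t->count, sizeof(*t->items), cmp_names);
  return t->count;
}

int main(void)
{
  struct name_table t = { NULL, 0 };
  printf("empty table: %zu sorted\n", sort_names(&t));
  add_name(&t, "example.org");
  add_name(&t, "example.com");
  size_t n = sort_names(&t);
  printf("after adds: %zu sorted, first is %s\n", n, t.items[0]);
  free(t.items);
  return 0;
}
```

Built with the `-fsanitize=address,undefined` flags from the report, the empty-table call produces no nonnull diagnostic because qsort() is never entered with a NULL base.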
