this is interesting. the p != qp->curdest check would just support my point because it effectively checks if p is valid. if p would be at qp->curdest, it would be past the last valid entry and hence invalid so its not written.
but theres another thing, look in queryns() how p comes to be: /* find responder */ // dnslog("queryns got reply from %I", srcip); for(p = qp->dest; p < qp->curdest; p++) if(memcmp(p->a, srcip, sizeof p->a) == 0) break; for(np = qp->dest; np < qp->curdest; np++) if(np->s == p->s) <-- oops, p might be qp->curdest here p->nx = Maxtrans; <-- fuck! rv = procansw(qp, &m, srcip, depth, p); i think we also need to check p != qp->curdest before that 2nd for loop or it would trash the entry at curdist. @@ -1439,9 +1438,10 @@ break; /* remove all addrs of responding server from list */ - for(np = qp->dest; np < qp->curdest; np++) - if(np->s == p->s) - p->nx = Maxtrans; + if(p != qp->curdest) + for(np = qp->dest; np < qp->curdest; np++) + if(np->s == p->s) + p->nx = Maxtrans; /* free or incorporate RRs in m */ rv = procansw(qp, &m, srcip, depth, p); -- cinap