The character buffer protoName, created on the stack in the function MDNSResponder::_parsePacket(), is uninitialized. It can remain uninitialized all the way to the bottom of that function, where it is passed to the function MDNSResponder::_reply.

In MDNSResponder::_reply, the pointer passed in is named 'proto'. You will will find these lines of code near the top of that function...

//build proto name with _
char protoName[5];
os_strcpy(protoName,underscore);
os_strcat(protoName, proto);
size_t protoNameLen = 4; 

You can see there that if proto points to an uninitialized character buffer on the stack, the strcat call can blow way the stack.

I was getting random crashes when a client tried to connect to my esp8266 server using the 'server.local' host name. Those crashes have disappeared since I made this change.

Oh... one more thing... I changed a few memcpy to memmove calls where the source and destination overlap. Not sure that was causing a problem, but I believe memcpy does not guarantee correct results if the source and destination overlap.