I've been able to reproduce the crash that lead to Dragos analysis and this PR, both in debian 8 and in CentOS 7.
But I tracked it down to a different cause, which is `libcurl` crashing when using the threaded resolver for DNS lookups. This happens even with latest `libcurl`.
The work around this was building `libcurl` with `c-ares` resolver, and that proved to solve the issue. This included tests under heavy load (hundreds of requests per second).
I meant to write my findings to the libcurl mailing list and ask for corroboration or indications, but I haven't had time yet, as bringing up the failing and working scenarios in a clean way to be shared with that ml is very time consuming.
For what concerns this specific Pull Request I haven't done any test/verification. I don't have it in the environments with the c-ares fix and there are no crashes, so perhaps it's not needed. The only thing I can suggest is that next time I do the load testing, I use the patch in this PR to verify there are no side effects.