On Mar 5, 2025, at 11:34 AM, Paul Eggert via tz <tz@iana.org> wrote:
> On 2025-03-04 22:12, Evgeniy Gorbanev via tz wrote:
>> Hello!
>>
>> I found that if I run zic to create a link on another device, the buffer
>> overflow in zip.c:1422 in version 2025a will occur. In this line i == 0.
>>
>> The command to replay:
>> ./zic -l test -d . -t /path/to/link_on_another_device
>>
>> Best regards,
>> Evgeniy Gorbanyov
>
> Unfortunately your message was corrupted somehow. The above is what I see,
> and it's hard to make sense of it.
The message was a multi-part mail, in which the first part was
Content-Type: text/plain; charset=UTF-8; format=flowed
and had *no* spaces between the words, and the second part was
Content-Type: text/html; charset=UTF-8
and the text was a bag of HTML in the form (reformatted to make the HTML
somewhat more readable)
<span class="EzKURWReUAB5oZgtQNkl" data-src-align="0:1"
style="white-space: pre-wrap;">I</span><span style="white-space: pre-wrap;">
</span>
<span class="EzKURWReUAB5oZgtQNkl" data-src-align="2:9"
style="white-space: pre-wrap;">found</span><span style="white-space:
pre-wrap;"> </span>
<span class="EzKURWReUAB5oZgtQNkl" data-src-align="13:3"
style="white-space: pre-wrap;">that</span><span style="white-space: pre-wrap;">
</span>
so it was at least readable when rendered by Apple Mail.
I tried reformatting it above, to show how it *should* have showed up as
text/plain, rather than how it *did* show up.
> Among other things there is no file zip.c in the TZDB source.
He might be referring to live 1422 of zic.c, with a "c", not a "p", after "zi".
Lines 1421 and 1422 of that file are
for (; linkname[i]; i++)
dotdots += linkname[i] == '/' && linkname[i - 1] != '/';
respectively.
I don't know what "on another device" means. My *guess* is that it means that
it's a link to another mounted file system, either on another disk or on
something mounted from a file server.
