[tz] [PROPOSED PATCH] zic fix storage-allocation bug with realloc

Paul Eggert eggert at cs.ucla.edu
Sun Sep 4 08:10:19 UTC 2016


This bug was introduced in last month's Casablanca-in-2037 fix.
Problem found by valgrind.
* zic.c (outzone): Don't access freed storage.
---
 zic.c | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/zic.c b/zic.c
index 1c91d5a..9c696c6 100644
--- a/zic.c
+++ b/zic.c
@@ -2290,7 +2290,7 @@ outzone(const struct zone *zpfirst, int zonecount)
 	register int			compat;
 	register bool			do_extend;
 	register char			version;
-	struct attype *lastatmax = NULL;
+	int lastatmax = -1;
 
 	max_abbr_len = 2 + max_format_len + max_abbrvar_len;
 	max_envvar_len = 2 * max_abbr_len + 5 * 9;
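Review bot: The new declaration `int lastatmax = -1;` carries no hint of why an index replaced the pointer, so a later maintainer may well reintroduce a pointer into attypes; the only explanation is in the commit description ("storage-allocation bug with realloc", "Don't access freed storage"). I would comment the declaration: `/* Index into attypes of the last transition whose rule has r_hiyear == ZIC_MAX, or -1 if none.  An index, not a pointer: attypes may be realloc'd while outzone runs. */`. The r_hiyear condition is visible in the second hunk; that attypes is realloc'd is taken from the description rather than shown in this hunk. outzone's body starts before this hunk and continues past it.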
@@ -2524,8 +2524,9 @@ outzone(const struct zone *zpfirst, int zonecount)
 				type = addtype(offset, ab, rp->r_stdoff != 0,
 					rp->r_todisstd, rp->r_todisgmt);
 				if (rp->r_hiyear == ZIC_MAX
-				    && ! (lastatmax && ktime < lastatmax->at))
-				  lastatmax = &attypes[timecnt];
+				    && ! (0 <= lastatmax
+					  && ktime < attypes[lastatmax].at))
+				  lastatmax = timecnt;
 				addtt(ktime, type);
 			}
 		}
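Review bot: `lastatmax = timecnt;` records the slot that the following `addtt(ktime, type)` is expected to fill, so the saved index is only right if addtt appends at attypes[timecnt] unconditionally; addtt is not in view, and earlier zic versions did reset timecnt in some cases, so that assumption deserves stating at the assignment, e.g. `/* Index of the entry addtt is about to append. */`. If timecnt is declared wider than int (its declaration is not in SOURCE), the assignment also narrows silently; giving lastatmax timecnt's type would avoid that. The comparison `ktime < attypes[lastatmax].at` now reads through the current array, which is the fix the commit describes. The enclosing loop and outzone both extend beyond this hunk.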
@@ -2557,8 +2558,8 @@ error(_("can't determine time zone abbreviation to use just after until time"));
 				starttime = tadd(starttime, -gmtoff);
 		}
 	}
-	if (lastatmax)
-	  lastatmax->dontmerge = true;
+	if (0 <= lastatmax)
+	  attypes[lastatmax].dontmerge = true;
 	if (do_extend) {
 		/*
 		** If we're extending the explicitly listed observations
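Review bot: The guard `if (0 <= lastatmax)` only rules out the -1 sentinel; it does not confirm that lastatmax is still below timecnt when `attypes[lastatmax].dontmerge = true` executes. The code between this hunk and the previous one is outside SOURCE, so I cannot tell whether timecnt can shrink there, but an index that outlives the entry it refers to would turn into an out-of-bounds write in place of the use-after-free this commit removes. A cheap belt-and-braces form is `if (0 <= lastatmax && lastatmax < timecnt)`, or an explicit stale-index check that reports through the file's usual error path. The do_extend block that starts here continues past the hunk.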
-- 
2.7.4


