From dff28f195bcb335f537d13e01cbfc568d0cc150c Mon Sep 17 00:00:00 2001 From: Paul Eggert Date: Sat, 6 Sep 2014 07:18:21 -0700 Subject: [PROPOSED PATCH] Fix a subscript error that accessed uninitialized data. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * localtime.c (tzload): The number of entries in 'types' is timecnt, not typecnt. * NEWS: Mention this. Problem reported by Jörg Richter in: http://mm.icann.org/pipermail/tz/2014-September/021561.html --- NEWS | 5 +++++ localtime.c | 4 ++-- 2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/NEWS b/NEWS
index 50b5852..0327005 100644
--- a/NEWS
+++ b/NEWS
@@ -7,6 +7,11 @@ Unreleased, experimental changes
 Shanks says Asia/Novokuznetsk switched from LMT (not "NMT") on 1924-05-01, not 1920-01-06. The old entry was based on a misinterpretation of Shanks.
+ Changes affecting code
+
+ An access to uninitalized data has been fixed.
+ (Thanks to Jörg Richter for reporting the problem.)
+
 Release 2014g - 2014-08-28 12:31:23 -0700
diff --git a/localtime.c b/localtime.c
index 622f7d4..4b88d1e 100644
--- a/localtime.c
+++ b/localtime.c
@@ -571,10 +571,10 @@ tzload(register const char *name, register struct state *const sp,
 ** If type 0 is is unused in transitions,
 ** it's the type to use for early times.
 */
- for (i = 0; i < sp->typecnt; ++i)
+ for (i = 0; i < sp->timecnt; ++i)
 if (sp->types[i] == 0)
 break;
- i = (i >= sp->typecnt) ? 0 : -1;
+ i = i < sp->timecnt ? -1 : 0;
 /*
 ** Absent the above,
 ** if there are transition times
-- 1.9.1
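Review bot: The comment above the loop in the localtime.c hunk still does not record which count bounds `sp->types`, which is the confusion this fix corrects; adding a line such as `** (sp->types has sp->timecnt entries, not sp->typecnt.)` to that comment would keep the bound from drifting back. The second changed line also inverts the ternary while changing the bound, so keeping the original shape, `i = (i >= sp->timecnt) ? 0 : -1;`, would leave a one-token change that is easier to verify. Because `timecnt` and the `types` contents presumably come from the loaded zone file, it is worth confirming that `timecnt` is range-checked against the capacity of `types` before this loop runs; that check, if present, is outside the hunk, as are the start and end of `tzload`. The context comment also carries a doubled word ("is is") that could be fixed while the area is being touched.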