David's analysis and fix look good to me; I plan to incorporate the fix in the next time zone bundle.

Now if only C had an &&= operator...

--ado

-----Original Message-----
From: Olson, Arthur David (NIH/NCI) [E]
Sent: Thursday, July 27, 2006 2:20 PM
To: tz@lecserver.nci.nih.gov
Cc: lawless@spamcop.net
Subject: FW: apparent bug in 7/26/06 version of 'tzload()'

David Lawless is not on the time zone mailing list; direct replies appropriately.

-----Original Message-----
From: David Lawless [mailto:lawless@spamcop.net]
Sent: Thursday, July 27, 2006 2:04 PM
To: tz@lecserver.nci.nih.gov
Subject: apparent bug in 7/26/06 version of 'tzload()'

While experimenting with 'localhost.c' I discovered a bug in 'localtime.c' in 'tzload()'. The last few lines set up two flags 'goback' and 'goahead'. This code executes some invalid negative-offset array dereferences when the number of points in the array is too small. RHEL4.3 (CentOS 4.3) has zone files with fewer than 800 years in them and provokes this.

I believe the attached patch corrects the problem. However I don't understand the purpose of the code and may have got it wrong.

Please CC my e-mail with any replies as I'm not on the mailing list.

Regards,
David Lawless
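
The class of bug reported in this thread, a flag computation that indexes an array at a negative offset when the table is too short, shown as an added example; it is not the code from 'localtime.c' and not the attached patch. The names `struct table`, `type_at` and `span` are hypothetical, and the example assumes the flag was combined with C's non-short-circuiting `&=`, which is one reading of the `&&=` remark.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical stand-in for a transition table; not the tz project's struct. */
struct table {
    int count;                 /* number of valid entries in types[] */
    unsigned char types[16];
};

static int bad_index_seen;     /* set when an index outside [0, count) is requested */

/* Checked accessor: records an out-of-range request instead of dereferencing it. */
static int type_at(const struct table *t, int idx)
{
    if (idx < 0 || idx >= t->count) {
        bad_index_seen = 1;
        return -1;
    }
    return t->types[idx];
}

/* Unguarded form: `&=` always evaluates its right-hand side, so the lookup
 * at count - 1 - span still happens when count <= span (negative index). */
static bool goahead_unguarded(const struct table *t, int span)
{
    bool goahead = t->count > span;
    goahead &= type_at(t, t->count - 1) == type_at(t, t->count - 1 - span);
    return goahead;
}

/* Guarded form: `&&` short-circuits, so a too-short table is never indexed. */
static bool goahead_guarded(const struct table *t, int span)
{
    return t->count > span &&
           type_at(t, t->count - 1) == type_at(t, t->count - 1 - span);
}

int main(void)
{
    struct table small = { 3, { 0, 1, 0 } };   /* constructed sample data */
    bool g = goahead_guarded(&small, 8);
    printf("guarded:   goahead=%d bad_index=%d\n", g, bad_index_seen);
    bool u = goahead_unguarded(&small, 8);
    printf("unguarded: goahead=%d bad_index=%d\n", u, bad_index_seen);
    return 0;
}
```

Both forms return the same flag value; only the unguarded one requests the out-of-range index, which in unchecked code is a read before the start of the array.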