Report
glibc timezone/zic.c relname(): integer overflow in allocation sizes can lead to heap OOB writes
8b811315-141b-406a-b74f-484dba68c8f2
In glibc's timezone compiler (zic.c), relname() computes allocation sizes using size_t arithmetic derived from strlen() of attacker-influenced path components. It then allocates with emalloc(linksize) and fills the result buffer with strcpy/memmove/memcpy using lengths derived from those same components. If that size_t arithmetic wraps around (e.g., in linksize or dotdotetcsize), the allocated buffer can be smaller than the data copied into it, producing a heap buffer overflow.
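As an added illustration (not glibc's code), the hypothetical join_relative() below builds a "../"-prefixed relative link the way the report describes, but sizes the buffer with overflow-checked arithmetic so a wrapped size is rejected instead of being passed to malloc. The checked helpers rely on GCC/Clang's __builtin_add_overflow/__builtin_mul_overflow; the dotdots count and component lengths are assumed inputs standing in for the strlen()-derived values.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Checked size_t arithmetic: return false instead of wrapping. */
static bool add_sz(size_t a, size_t b, size_t *out) {
    return !__builtin_add_overflow(a, b, out);
}
static bool mul_sz(size_t a, size_t b, size_t *out) {
    return !__builtin_mul_overflow(a, b, out);
}

/* Bytes needed (including NUL) for dotdots * "../" + dir + "/" + target.
   The unchecked form `dotdots * 3 + dirlen + targetlen + 2` can wrap to a
   small value; here every intermediate step is verified. */
bool joined_size(size_t dotdots, size_t dirlen, size_t targetlen, size_t *out) {
    size_t n, tmp;
    if (!mul_sz(dotdots, 3, &n)) return false;      /* repeated "../" */
    if (!add_sz(n, dirlen, &tmp)) return false;
    if (!add_sz(tmp, targetlen, &n)) return false;
    return add_sz(n, 2, out);                       /* '/' separator + NUL */
}

/* Hypothetical relname()-like join. Returns NULL on size wraparound or
   allocation failure; on success the writes total exactly `size` bytes. */
char *join_relative(size_t dotdots, const char *dir, const char *target) {
    size_t dirlen = strlen(dir), size;
    if (!joined_size(dotdots, dirlen, strlen(target), &size)) return NULL;
    char *result = malloc(size);
    if (!result) return NULL;
    char *p = result;
    for (size_t i = 0; i < dotdots; i++) { memcpy(p, "../", 3); p += 3; }
    memcpy(p, dir, dirlen); p += dirlen;
    *p++ = '/';
    strcpy(p, target);                              /* copies the NUL too */
    return result;
}

int main(void) {
    char *ok = join_relative(2, "etc", "zoneinfo");
    printf("%s\n", ok ? ok : "(null)");             /* ../../etc/zoneinfo */
    free(ok);
    /* A dotdots count that would wrap size_t is refused, not allocated. */
    printf("%s\n", join_relative(SIZE_MAX, "a", "b") ? "BUG" : "rejected");
    return 0;
}
```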