Hacker News
by iforgotpassword 346 days ago
This is not what the article is talking about.

It's talking about how the EOCD contains both the size of the central directory and the offset of the start of the central directory, which is redundant. So we end up with some tools honoring the offset, while some subtract the size from the EOCD.

2 comments
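To make the redundancy concrete, here is an added example (not code from the commenter or from any zip tool) that hand-builds a zip file whose EOCD record carries a central-directory size and a central-directory offset that disagree, then lists it the two ways the comment describes: once trusting the offset field, once computing `eocd_position - cd_size`. The function and file names and the entry contents are constructed for this illustration; the record layouts are the standard PKZIP ones (30-byte local header, 46-byte central header, 22-byte EOCD, all little-endian).

```python
import struct
import zlib

LOCAL_SIG = 0x04034B50
CENTRAL_SIG = 0x02014B50
EOCD_SIG = 0x06054B50
LOCAL_FMT = "<IHHHHHIIIHH"          # 30 bytes
CENTRAL_FMT = "<IHHHHHHIIIHHHHHII"  # 46 bytes
EOCD_FMT = "<IHHHHIIH"              # 22 bytes


def local_entry(name: bytes, data: bytes) -> bytes:
    """Local file header + stored (method 0) data; timestamps zeroed."""
    hdr = struct.pack(LOCAL_FMT, LOCAL_SIG, 20, 0, 0, 0, 0,
                      zlib.crc32(data), len(data), len(data), len(name), 0)
    return hdr + name + data


def central_entry(name: bytes, data: bytes, local_offset: int) -> bytes:
    """Central directory header pointing back at the local header."""
    return struct.pack(CENTRAL_FMT, CENTRAL_SIG, 20, 20, 0, 0, 0, 0,
                       zlib.crc32(data), len(data), len(data), len(name),
                       0, 0, 0, 0, 0, local_offset) + name


def eocd(entries: int, cd_size: int, cd_offset: int) -> bytes:
    return struct.pack(EOCD_FMT, EOCD_SIG, 0, 0, entries, entries,
                       cd_size, cd_offset, 0)


def build_ambiguous_zip() -> bytes:
    """Constructed input: two single-entry central directories, one EOCD.

    The EOCD's cd_size describes the second directory while its cd_offset
    points at the first, so the two reading strategies see different files.
    """
    a_name, a_data = b"a.txt", b"seen by offset-honouring parsers\n"
    b_name, b_data = b"b.txt", b"seen by size-subtracting parsers\n"
    blob = local_entry(a_name, a_data)
    cd_a_off = len(blob)
    blob += central_entry(a_name, a_data, 0)
    b_local_off = len(blob)
    blob += local_entry(b_name, b_data)
    cd_b = central_entry(b_name, b_data, b_local_off)
    blob += cd_b
    blob += eocd(1, len(cd_b), cd_a_off)
    return blob


def read_eocd(blob: bytes) -> tuple[int, int, int, int]:
    """Return (eocd_pos, entry_count, cd_size, cd_offset).

    Simplified locator: real parsers must scan back over an optional
    archive comment of up to 65535 bytes rather than rfind the signature.
    """
    pos = blob.rfind(struct.pack("<I", EOCD_SIG))
    if pos < 0:
        raise ValueError("no EOCD record")
    f = struct.unpack_from(EOCD_FMT, blob, pos)
    return pos, f[4], f[5], f[6]


def list_names(blob: bytes, cd_start: int, entries: int) -> list[str]:
    names, pos = [], cd_start
    for _ in range(entries):
        f = struct.unpack_from(CENTRAL_FMT, blob, pos)
        if f[0] != CENTRAL_SIG:
            raise ValueError(f"bad central header at {pos}")
        name_len, extra_len, comment_len = f[10], f[11], f[12]
        names.append(blob[pos + 46:pos + 46 + name_len].decode())
        pos += 46 + name_len + extra_len + comment_len
    return names


def list_by_offset(blob: bytes) -> list[str]:
    """Strategy 1: trust the cd_offset field in the EOCD."""
    _, entries, _, cd_offset = read_eocd(blob)
    return list_names(blob, cd_offset, entries)


def list_by_size(blob: bytes) -> list[str]:
    """Strategy 2: central directory ends where the EOCD begins."""
    eocd_pos, entries, cd_size, _ = read_eocd(blob)
    return list_names(blob, eocd_pos - cd_size, entries)


def eocd_is_consistent(blob: bytes) -> bool:
    """Defensive check: both derivations must name the same start."""
    eocd_pos, _, cd_size, cd_offset = read_eocd(blob)
    return eocd_pos - cd_size == cd_offset


if __name__ == "__main__":
    z = build_ambiguous_zip()
    print("by offset:", list_by_offset(z))      # ['a.txt']
    print("by size:  ", list_by_size(z))        # ['b.txt']
    print("consistent:", eocd_is_consistent(z)) # False
```

The practical takeaway is the last function: a parser that refuses archives where `eocd_pos - cd_size != cd_offset` cannot be shown a different file list from the one a scanner or a downstream tool sees. Legitimately prepended data (self-extractor stubs) also trips this check, so a tool that wants to accept such files should at least apply the same correction consistently rather than silently picking one field.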

It's true that the other comment is unrelated to the content of the article, but it's not true that the offset and size in the EOCD are redundant (for the reasons given in the earlier sibling comment).
And how bad actors could take advantage of that.
I think they would test which parser you have using some social engineering and create the zip appropriately, but they would also need to know the accounting team's parser. So I think they would just do the first step and leave it up to chance.