When creating a new zip entry via the zipOpenNewFileInZip*()/zipWriteInFileInZip()/zipCloseFileInZipRaw*() compatibility API trio, the filename pointer passed to zipOpenNewFileInZip*() is copied into a local structure that is kept across calls (with the filename pointer still in it) and used again in the close operation. The problem arises when that buffer is no longer there (has different content, or has been freed) at the time close is called. In that case, close accesses an invalid pointer, calculates strlen() on it, and writes that invalid buffer content to the central zip directory. The same is true for the per-file comment pointer.
An explicit requirement to retain the buffers between entry creation and close could be one solution, but the original minizip API had no such requirement, so the compatible (and API-user-friendly) solution seems to be to make a copy of both the filename and comment buffers, keep those pointers in memory until close is called, and free the copies on close. This allows the caller to release its own buffers right after the zipOpenNewFileInZip*() call, just as with the original minizip library.
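The following is an added example, not code from minizip, minizip-ng, or this report. It uses a hypothetical `entry_state` struct and `open_*`/`close_*` functions to contrast the two designs described above: the reported pattern, which borrows the caller's filename pointer until close, and the proposed fix, which duplicates the filename and comment at open and frees the copies at close. To keep the demonstration free of undefined behaviour, the caller reuses its name buffer with different content rather than freeing it; the borrowed-pointer variant then records the wrong name, exactly the failure the report describes.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the per-entry state a zip writer keeps between
 * the open and close calls. Not minizip or minizip-ng code. */
typedef struct {
    const char *filename_ref;  /* borrowed pointer: the reported pattern */
    char *filename_copy;       /* owned duplicate: the proposed fix */
    char *comment_copy;
} entry_state;

/* Portable strdup replacement so the example builds under strict C99. */
static char *dup_str(const char *s) {
    size_t n = strlen(s) + 1;
    char *p = malloc(n);
    if (p) memcpy(p, s, n);
    return p;
}

/* Reported pattern: remember the caller's pointer and reuse it at close. */
static void open_borrow(entry_state *s, const char *filename) {
    s->filename_ref = filename;
}
static void close_borrow(entry_state *s, char *out, size_t outlen) {
    /* Whatever the caller's buffer holds *now* is what gets written to the
     * central directory: strlen() and the copy both run on a stale pointer. */
    snprintf(out, outlen, "%.*s", (int)strlen(s->filename_ref), s->filename_ref);
    s->filename_ref = NULL;
}

/* Proposed fix: duplicate filename and comment at open, free them at close. */
static int open_copy(entry_state *s, const char *filename, const char *comment) {
    s->filename_copy = dup_str(filename);
    s->comment_copy  = comment ? dup_str(comment) : NULL;
    if (!s->filename_copy || (comment && !s->comment_copy)) {
        free(s->filename_copy);
        free(s->comment_copy);
        s->filename_copy = s->comment_copy = NULL;
        return -1;
    }
    return 0;
}
static void close_copy(entry_state *s, char *out, size_t outlen) {
    snprintf(out, outlen, "%s", s->filename_copy);
    free(s->filename_copy);
    free(s->comment_copy);
    s->filename_copy = s->comment_copy = NULL;
}

/* A caller that reuses one name buffer between open and close, as a program
 * adding many entries in a loop might. Each scenario returns the name that
 * the close call recorded, in its own static buffer. */
const char *scenario_borrow(void) {
    static char recorded[64];
    entry_state s = {0};
    char name[32];
    snprintf(name, sizeof name, "%s", "first.txt");     /* constructed input */
    open_borrow(&s, name);
    snprintf(name, sizeof name, "%s", "second.txt");    /* buffer reused before close */
    close_borrow(&s, recorded, sizeof recorded);        /* records "second.txt": wrong */
    return recorded;
}
const char *scenario_copy(void) {
    static char recorded[64];
    entry_state s = {0};
    char name[32];
    snprintf(name, sizeof name, "%s", "first.txt");
    if (open_copy(&s, name, "constructed comment") != 0) return "";
    snprintf(name, sizeof name, "%s", "second.txt");    /* caller is free to reuse it */
    close_copy(&s, recorded, sizeof recorded);          /* records "first.txt": correct */
    return recorded;
}

int main(void) {
    printf("borrowed pointer recorded: %s\n", scenario_borrow());
    printf("copied buffer recorded:    %s\n", scenario_copy());
    return 0;
}
```

The borrowed variant is the milder case (a reused, still-valid buffer); if the caller had freed the buffer instead, the strlen() in close_borrow would read freed memory, which is the invalid-pointer access the report warns about. The copy variant costs two small allocations per entry and lets the caller treat the filename and comment as consumed once open returns.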