Avoid overrun when converting ns-resolution timestamps to text

Caught by gcc -fsanitize=address.
Inspired by Matthias Andree’s bug report in:
https://lists.gnu.org/r/bug-tar/2025-08/msg00019.html
though I found this bug via a simple "make check"
with sanitization enabled.
* src/common.h (TIMESPEC_STRSIZE_BOUND):
Make room for leading '-', needed in addition to the '-' room
supplied by SYSINT_BUFSIZE due to the way code_timespec works.

diff --git a/src/common.h b/src/common.h
index 24c53cc4f1570dd2e568724953d775abb879b4ab..b9d2ae48a051bd16e78da37e750478671006cc77 100644 (file)
--- a/src/common.h
+++ b/src/common.h
@@ -715,7 +715,7 @@ char *timetostr (time_t, char buf[SYSINT_BUFSIZE]);
 void code_ns_fraction (int ns, char *p);
 enum { BILLION = 1000000000, LOG10_BILLION = 9 };
 enum { TIMESPEC_STRSIZE_BOUND =
-         SYSINT_BUFSIZE + LOG10_BILLION + sizeof "." - 1 };
+         sizeof "-." - 1 + SYSINT_BUFSIZE + LOG10_BILLION };
 char const *code_timespec (struct timespec ts,
                           char tsbuf[TIMESPEC_STRSIZE_BOUND]);
 struct timespec decode_timespec (char const *, char **, bool);