tar.1.35 has a heap buffer overflow vulnerability when splitting words
through the wordsplit library.

Reproduction case:
./tar1.35 --group-map=<(python3 -c 'print("\x27\x27\x3f\x3f"+"A"*4035)')
The changes in coalesce_segment from 1.34 to 1.35 cause the above testcase
to memcpy into a length one buffer without checking boundaries.

Thanks
Kenneth&Rutvik
