Report

CVE-2022-48303: tar from_header() base-256 decoder off-by-one heap over-read

12ca3a2d-8a0d-4072-a787-3d396dceebe9

GNU tar 1.34 (src/list.c, function from_header) has a one-byte heap buffer over-read (CVE-2022-48303) in its base-256 (binary) numeric field decoder. Two pre-processing steps advance the where pointer before the base-256 marker check: (1) where += !*where skips a leading NUL byte (legacy compat, line 757), and (2) a loop skips leading spaces (lines 760-775). After these steps, if where == lim - 1 (only 1 byte remains) AND that byte is \200 or \377 (base-256 markers), the decoder is entered without verifying that at least 2 bytes remain. The sign byte is consumed (line 890: value = (*where++ & ...) - signbit), advancing where to lim. The for loop then reads *lim (one byte past the buffer) and increments further. The where == lim termination check (line 894) is permanently false once where has passed lim, causing unbounded heap over-reads until an overflow check or segfault. Since the archive I/O buffer is heap-allocated, this is a genuine heap buffer overflow (CWE-193).
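The decoder logic described above, reduced to a stand-alone model (written for this report, not tar's own code): the leading-NUL and space skips, the base-256 path, and the two-byte guard that the path is missing. The sample header fields and the decode_result struct are constructed; the model stops one byte past the field instead of running on as tar does.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

#define LG_256 8
struct decode_result { bool ok; intmax_t value; size_t over_read; };

/* Model of from_header()'s base-256 path (constructed, not tar's code).
   BUF holds a DIGS-byte field plus at least one sentinel byte after it, so
   the over-read is counted instead of crashing. GUARDED adds the missing
   check: a sign byte plus at least one payload byte must remain. */
static struct decode_result
decode_base256 (const unsigned char *buf, size_t digs, bool guarded)
{
  struct decode_result r = { false, 0, 0 };
  const unsigned char *where = buf, *lim = buf + digs;
  where += !*where;                      /* (1) skip a legacy leading NUL */
  while (where != lim && *where == ' ')  /* (2) skip legacy leading spaces */
    where++;
  if (where == lim || (*where != 0200 && *where != 0377))
    return r;                            /* empty, or not a base-256 field */
  if (guarded && lim - where < 2)
    return r;                            /* added guard: need >= 2 bytes */
  int signbit = *where & (1 << 6);
  uintmax_t value = (*where++ & ((1 << (LG_256 - 2)) - 1)) - signbit;
  for (;;)
    {
      value = (value << LG_256) + *where++;  /* reads *lim if where == lim */
      if (where == lim)                  /* never true once WHERE passed LIM */
        break;
      /* tar keeps reading here until an overflow check or a segfault;
         the model stops after the first byte past the field. */
      if (where > lim) { r.over_read = (size_t) (where - lim); return r; }
    }
  r.ok = true;
  r.value = (intmax_t) value;            /* two's complement, as in tar */
  return r;
}

/* Constructed 2-byte field " \200" plus one 0xFF sentinel: the space skip
   leaves only the marker byte, so the unguarded decoder consumes *lim. */
static struct decode_result demo_short_field (bool guarded)
{
  static const unsigned char buf[] = { ' ', 0200, 0xFF };
  return decode_base256 (buf, 2, guarded);
}
/* Constructed well-formed 3-byte field \377\377\376 (-2) plus a sentinel. */
static struct decode_result demo_negative_field (void)
{
  static const unsigned char buf[] = { 0377, 0377, 0376, 0xFF };
  return decode_base256 (buf, 3, true);
}
```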