Report
GNU tar fixed-size name buffers use strcpy without room for NUL
5231aabd-4eca-47a1-9217-49d91a4caa3e
While auditing GNU tar's name handling, I found several fixed-size or size-derived allocations that copy attacker-influenced path strings with strcpy/strcat after only partial size checks. The most concerning path is in directory recursion and name-buffer helpers where the allocation size is derived from a previous length, but the terminating NUL is not consistently accounted for. That pattern can turn long archive/member names or recursively appended subpaths into heap overflow conditions.
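The sizing rule behind this class of bug, as an added example that is not code from GNU tar or from the report: a growable path buffer and a fixed-size copy that both reserve the byte for the terminating NUL before writing. The names `pathbuf`, `path_need`, `pathbuf_push` and `name_copy` are hypothetical, and the weak pattern appears only as a comment.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical growable path buffer; names are illustrative, not GNU tar's. */
struct pathbuf {
    char  *data;   /* NUL-terminated path, or NULL before first use */
    size_t len;    /* strlen(data) */
    size_t cap;    /* bytes allocated, including room for the NUL */
};

/* Weak pattern, shown only as a comment so it is never executed:
 *     p->data = realloc(p->data, p->len + strlen(name));  // no '/' and no NUL
 *     strcat(p->data, "/"); strcat(p->data, name);        // writes past the end
 */

/* Bytes needed for "<dir>/<name>" plus the NUL; 0 if the sum overflows size_t. */
size_t path_need(size_t dir_len, size_t name_len)
{
    if (dir_len > SIZE_MAX - 2 || name_len > SIZE_MAX - 2 - dir_len)
        return 0;
    return dir_len + 1 + name_len + 1;
}

/* Append "/name" to the buffer, growing it first. Returns 0, or -1 on failure. */
int pathbuf_push(struct pathbuf *p, const char *name)
{
    size_t name_len = strlen(name);
    size_t need = path_need(p->len, name_len);
    if (need == 0)
        return -1;
    if (need > p->cap) {
        char *grown = realloc(p->data, need);
        if (grown == NULL)
            return -1;              /* old buffer is still valid and unchanged */
        p->data = grown;
        p->cap = need;
    }
    p->data[p->len] = '/';
    memcpy(p->data + p->len + 1, name, name_len + 1);   /* +1 copies the NUL */
    p->len += 1 + name_len;
    return 0;
}

/* Fixed-size destination: reject instead of truncating or overflowing. */
int name_copy(char *dst, size_t dst_size, const char *src)
{
    size_t n = strlen(src);
    if (n >= dst_size)              /* n == dst_size leaves no room for the NUL */
        return -1;
    memcpy(dst, src, n + 1);
    return 0;
}
```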