CVE-2023-39804: tar xattr_decoder stack exhaustion via alloca on attacker-controlled pax keyword/value sizes
591ea652-4496-4231-8f88-ac8a8ffab31c
CVE-2023-39804 — GNU tar 1.34 has a stack-exhaustion vulnerability in pax extended header processing. When tar extracts an archive containing a pax extended header (typeflag 'x' / XHDTYPE) with SCHILY.xattr.* records, the xattr_decoder() routine in src/xheader.c calls alloca() twice with sizes that come directly from the archive: alloca(strlen(keyword)+1) and alloca(size+1) where 'size' is the value length parsed by decode_record(). Neither bound is validated. A crafted pax record with a large keyword or value (or a deeply chained sequence of pax records processed in the xheader_decode while-loop) walks the stack pointer past the end of the stack region, causing SIGSEGV / DoS and potentially bypassing stack canaries depending on guard-page placement.
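As an added illustration (this is not GNU tar's code), the alloca() pattern described above is shown beside a hardened form that bounds the archive-supplied length and copies into heap memory instead; the names xattr_decode_safe and XATTR_VALUE_MAX, the bound value and the return convention are assumptions made for this example.

```c
/* Added example for CVE-2023-39804: not GNU tar's code.  The names
   xattr_decode_safe and XATTR_VALUE_MAX, the bound itself and the
   return convention are assumptions made for this illustration. */
#include <stdlib.h>
#include <string.h>

/* Hypothetical cap on one pax xattr value.  The archive must never be
   allowed to pick an allocation size (stack or heap) on its own. */
#define XATTR_VALUE_MAX ((size_t)(1024 * 1024))

static const char XATTR_PREFIX[] = "SCHILY.xattr.";

/* Vulnerable shape, as the page describes tar 1.34's xattr_decoder():
   both lengths come straight from decode_record() and go to alloca(),
   so a large keyword or value moves the stack pointer out of the stack.
   Kept as a comment only; it is not compiled.

       char *xkey = alloca (strlen (keyword) + 1);
       char *xstr = alloca (size + 1);
*/

/* Hardened form: reject any archive-supplied length above the bound
   (which also rules out size + 1 wrapping), then copy into heap memory
   the caller frees.  Returns 0 on success and -1 on rejection or
   allocation failure; *out_key / *out_val are set only on success. */
int xattr_decode_safe(const char *keyword, const char *arg, size_t size,
                      char **out_key, char **out_val)
{
    size_t plen = strlen(XATTR_PREFIX);
    if (strncmp(keyword, XATTR_PREFIX, plen) != 0)
        return -1;                 /* not an xattr record at all */
    if (size > XATTR_VALUE_MAX)
        return -1;                 /* attacker-chosen size: refuse it */

    size_t klen = strlen(keyword + plen);
    char *key = malloc(klen + 1);  /* key without the SCHILY.xattr. prefix */
    char *val = malloc(size + 1);  /* value plus terminating NUL */
    if (key == NULL || val == NULL) {
        free(key);
        free(val);
        return -1;
    }
    memcpy(key, keyword + plen, klen + 1);
    memcpy(val, arg, size);        /* copies only 'size' bytes, not the separator */
    val[size] = '\0';
    *out_key = key;
    *out_val = val;
    return 0;
}
```

The caller owns and frees both strings; the 1 MiB bound is a placeholder, and whatever limit a real extractor picks matters less than the fact that the archive no longer dictates the allocation size.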