Report
GNU tar delayed_link allocation can overflow target/source names
a744d3b7-6f27-4106-861d-385bac1f1298
While auditing GNU tar extraction code, I found that delayed link placeholders are allocated with space for only one of the incoming names plus a terminating NUL, then filled with strcpy() in create_placeholder_file(). The structure stores both a source list entry and a target buffer, and the code writes current_stat_info.link_name and file_name into separately-sized flexible tails. If an archive entry or generated path exceeds the intended bounds, the unchecked strcpy() calls can overrun the heap object or adjacent fields.
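The defensive pattern for this kind of object is to size the allocation from the lengths of every string it will hold, guard the size arithmetic against wraparound, and copy with the same lengths that sized the buffer. The following is an added illustration, not GNU tar's code: the struct placeholder, its field names and the sample paths are constructed for the example.

```c
/* Constructed illustration (not GNU tar's code): one heap object that
   must hold both a target name and a source name, sized for both. */
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

struct placeholder {
    size_t target_off;   /* offset of the target string inside names[] */
    size_t source_off;   /* offset of the source string inside names[] */
    char names[];        /* both NUL-terminated strings live here */
};

/* Bytes the object needs for a given pair of names (header + both tails). */
size_t placeholder_size(const char *target, const char *source)
{
    return offsetof(struct placeholder, names)
           + strlen(target) + 1 + strlen(source) + 1;
}

/* Allocate for BOTH names plus their NULs, refusing size_t wraparound, and
   copy with memcpy using exactly the lengths that sized the allocation, so
   the copy can never run past the object. Returns NULL on overflow or
   allocation failure. */
struct placeholder *placeholder_new(const char *target, const char *source)
{
    size_t tlen = strlen(target), slen = strlen(source), tail;
    if (tlen > SIZE_MAX - 2 || slen > SIZE_MAX - 2 - tlen)
        return NULL;
    tail = tlen + 1 + slen + 1;
    if (tail > SIZE_MAX - offsetof(struct placeholder, names))
        return NULL;
    struct placeholder *p = malloc(offsetof(struct placeholder, names) + tail);
    if (!p)
        return NULL;
    p->target_off = 0;
    p->source_off = tlen + 1;
    memcpy(p->names + p->target_off, target, tlen + 1);
    memcpy(p->names + p->source_off, source, slen + 1);
    return p;
}

const char *placeholder_target(const struct placeholder *p)
{
    return p->names + p->target_off;
}

const char *placeholder_source(const struct placeholder *p)
{
    return p->names + p->source_off;
}
```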