Michal Zalewski discovered an out of bounds write issue in cpio, a tool
for creating and extracting cpio archive files. In the process of
fixing that issue, the cpio developers found and fixed additional
range checking and null pointer dereference issues.