--- a/libcap/cap_alloc.c 2023-06-26 18:42:42.295817583 +0200
+++ b/libcap/cap_alloc.c 2023-06-26 18:40:32.485375859 +0200
@@ -82,7 +82,14 @@
 return NULL;
 }
- raw_data = malloc( sizeof(__u32) + strlen(old) + 1 );
+ size_t len = strlen(old);
+ if ((len & 0x3fffffff) != len) {
+ _cap_debug("len is too long for libcap to manage");
+ errno = EINVAL;
+ return NULL;
+ }
+ len += 1 + sizeof(__u32);
+ raw_data = calloc(1, len);
 if (raw_data == NULL) {
 errno = ENOMEM;
 return NULL;
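Review bot: The bound check `(len & 0x3fffffff) != len` works as an overflow guard, but its intent is not stated: the mask is a bare magic number, and the reader has to work out that capping `len` at 0x3fffffff is what keeps `len += 1 + sizeof(__u32)` from wrapping `size_t` before the `calloc`. I would add a comment above the check, e.g. `/* cap len so that len + 1 + sizeof(__u32) cannot wrap, even with a 32-bit size_t */`, and write the test as `if (len > 0x3fffffff) {` against a named constant. `size_t len` is also declared after statements in the block; if this file is built for pre-C99 compilers or with -Wdeclaration-after-statement, the declaration belongs at the top of the function, which starts outside this hunk. The copy into `raw_data` is likewise outside the hunk, so whether it is bounded by the same `len` cannot be confirmed from here.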