project(): Fix potential buffer write-past-end for version components
This fixes a regression introduced by !3517 (merged) where a maximum buffer size holding version components as strings was too small due to two off-by-one errors:
- Not accounting for the trailing null.
- A misunderstanding of what
std::numeric_limits::digits10means (see https://en.cppreference.com/w/cpp/types/numeric_limits/digits10 for a good explanation).
The regressions could have allowed the code to write past the end of the buffer for sufficiently large version component numbers. A test was added that allows the address sanitiser to catch such cases (verified locally before and after the fix was applied).
In the process of fixing this, it was found that the
math() command couldn't be used to create the tests due to an undocumented requirement that expressions must be representable as signed 64-bit integers, so I've included a small doc update to address that too as a separate commit.