raster/vector: EAN/UPC: fix calculation of image/vector height to

allow for heights smaller than `textoffset` when have add-on
  (buffer overflow for raster, outside vector height for vector)
raster: EAN/UPC: make sure don't overwrite add-on stuff when
  line-copying guard descenders by limiting copy width
ZBarcode_Encode_Segs: allow for multiple (stacked) rows when
  setting absolute minimum height;
  state stacked symbols max in error message
DBAR_EXP: check length on encoding method 6 before trying to parse
  3-digit currency string with `z_to_int()`
CLI: stop looping over data args when have error;
  suppress taint warning by using fixed `malloc()` size for
  `arg_opts` instead of `argc`
general: use `vsnprintf()` instead of `vsprintf()` if not C89
ULTRACODE: don't call `ult_generate_codewords()` if `length` 0
  from fragment processing (avoids `assert()`)
clang-tidy -> 23 & suppress some warnings
test suite: fuzz: leave Z_FUZZ_DEBUG to compiler, fix comment
general: some minor code-formatting on touched files
README.deb -> README.debian (avoid confusion with actual ".deb")
BWIPP: update to latest

backend/tests/fuzz/README

@@ -1,4 +1,5 @@
-% backend/tests/fuzz/README 2026-03-22
+% backend/tests/fuzz/README 2026-03-26
+% Tested on Ubuntu 24.04 LTS
 % vim: set ts=4 sw=4 et :
 
 To run fuzzers "fuzz_data" and "fuzz_gs1" using OSS-Fuzz
@@ -23,7 +24,7 @@ Link zint's "backend/tests/fuzz" to a sub-dir of OSS-Fuzz`s project dir as "zint
     cd $OSS_FUZZ_DIR/projects
     ln -s $ZINT_DIR/backend/tests/fuzz $PROJECT_NAME
 
-Create corpus dirs, e.g. could create in the "build" dir in "<oss_fuzz_dir>":
+Create corpus dirs, e.g. could create in the "build" dir in "<oss-fuzz-clone-dir>":
 
     mkdir -p $OSS_FUZZ_DIR/build/corpus_data
     mkdir -p $OSS_FUZZ_DIR/build/corpus_gs1
@@ -33,7 +34,7 @@ Then can use OSS-Fuzz's python helpers to build the docker image and fuzzers:
     cd $OSS_FUZZ_DIR/projects/$PROJECT_NAME
     python3 $OSS_FUZZ_DIR/infra/helper.py build_image $PROJECT_NAME
 
-(on any subsequent runs can add "--no-pull" option to avoid question)
+(on any subsequent runs can add "--no-pull" option to avoid the "Pull latest base images" question)
 
     python3 $OSS_FUZZ_DIR/infra/helper.py build_fuzzers $PROJECT_NAME
 

backend/tests/fuzz/fuzz_data.c

@@ -34,14 +34,11 @@
 extern "C" {
 #endif /* __cplusplus */
 
-#if 0
-#define Z_FUZZ_DEBUG                 /* Set `symbol->debug` flag */
-#endif
 #include "fuzz.h"
 
-#if Z_FUZZ_MAIN
+#ifdef Z_FUZZ_MAIN
 /* For testing that a corpus file reproduces a bug:
-   cc -g -O0 -DZ_FUZZ_MAIN fuzz_data.c -o fuzz_data -lzint -fsanitize=address
+   cc -g -O0 -DZ_FUZZ_MAIN -DZ_FUZZ_DEBUG fuzz_data.c -o fuzz_data -lzint -fsanitize=address
    ./fuzz_data <corpus-file>
 */
 #include <errno.h>

backend/tests/fuzz/fuzz_gs1.c

@@ -34,9 +34,6 @@
 extern "C" {
 #endif /* __cplusplus */
 
-#if 0
-#define Z_FUZZ_DEBUG                 /* Set `symbol->debug` flag */
-#endif
 #include "fuzz.h"
 
 static const int symbologies[] = {
@@ -46,9 +43,9 @@ static const int symbologies[] = {
     BARCODE_UPCA_CC, BARCODE_UPCE_CC, BARCODE_DBAR_STK_CC, BARCODE_DBAR_OMNSTK_CC, BARCODE_DBAR_EXPSTK_CC,
 };
 
-#if Z_FUZZ_MAIN
+#ifdef Z_FUZZ_MAIN
 /* For testing that a corpus file reproduces a bug:
-   cc -g -O0 -DZ_FUZZ_MAIN fuzz_gs1.c -o fuzz_data -lzint -fsanitize=address
+   cc -g -O0 -DZ_FUZZ_MAIN -DZ_FUZZ_DEBUG fuzz_gs1.c -o fuzz_gs1 -lzint -fsanitize=address
    ./fuzz_gs1 <corpus-file>
 */
 #include <errno.h>

backend/tests/fuzz/gen_corpora.c

@@ -890,7 +890,8 @@ static const struct item gs1_data[] = {
     /*  3*/ { 7, BARCODE_UPCA_CC, GS1_MODE | GS1PARENS_MODE | GS1NOCHECK_MODE, 0, -1, -1, -1, -1, 0, 0, "()904OOOOO)CK0336680OOOOOOOOOOOOOO29[0kkkk%%%%(", -1 }, /* #300 (#11), Andre Maute (`gs1_verify()` not checking length on resolve AI data loop) */
     /*  4*/ { 8, BARCODE_GS1_128_CC, GS1_MODE | GS1NOCHECK_MODE, 0, -1, 3, -1, -1, 0, 0, "[]RRR___________________KKKRRR0000", -1 }, /* #300 (#13), Andre Maute (`calc_padding_ccc()` dividing by zero when linear width == 68) */
     /*  5*/ { 9, BARCODE_DBAR_EXP, GS1_MODE | GS1RAW_MODE, 0, -1, -1, -1, -1, 0, 0, "1012345678901234567890211", -1 }, /* #352, Simon Resch (`gs1_lint_parse_raw_caret()` check that data of AIs with non-predefined lengths are terminated with separators (unless last)) */
-    /*  5*/ { 10, BARCODE_DBAR_EXP, GS1_MODE | GS1NOCHECK_MODE | HEIGHTPERROW_MODE | FAST_MODE, 0, -1, -1, -1, -1, 0, 0, "1012345678901234567890211", -1 }, /* #352, Simon Resch (`gs1_lint_parse_raw_caret()` check that data of AIs with non-predefined lengths are terminated with separators (unless last)) */
+    /*  6*/ { 10, BARCODE_DBAR_EXP, GS1_MODE | GS1NOCHECK_MODE | HEIGHTPERROW_MODE | FAST_MODE, 0, -1, -1, -1, -1, 0, 0, "1012345678901234567890211", -1 }, /* #352, Simon Resch (`gs1_lint_parse_raw_caret()` check that data of AIs with non-predefined lengths are terminated with separators (unless last)) */
+    /*  7*/ { 11, BARCODE_DBAR_EXP, GS1_MODE | GS1NOCHECK_MODE | GS1RAW_MODE, 0, -1, -1, -1, -1, 0, 0, "01914190S5(60)1239322", -1 }, /* fuzz_gs1 (1st) check length on encoding method 6 before `z_to_int()` */
 };
 
 /* Write a setting as 1 char to filename, allowing for -1 meaning none (255 or zero) */