In __alloc_dir in sysdeps/posix/opendir.c, st_blksize can be a large value from a source which is not necessarily trusted. Therefore, we should check that the addition does not overflow and fall back to default_allocation in that case.
Fixed in commit 172a631a1fc8ec8fcef80af1f91438d092957c3e.