I don't see the overflow. The output buffer is allocated based on the input buffer size + 3. In your example, you show an input of 1 byte generating three output bytes with an overflow of two bytes. You're overlooking the fact that the output buffer was allocated with an extra three bytes that accounts for the extra two bytes generated by the decoding process. There is also one byte left over to make room for a null terminating character.