Any time I see code like:

      if ((len_len + (int) strlen (str)) <= max_len)

with int's I immediately start worrying about integer overflow leading to buffer overflow. Nobody seems to have mentioned this though.