Important maybe: 1024 is the max len of the /etc/passwd user. Total, as in including username, gecos, shell, everything. So if your username is test1 you have 31 chars left before you encounter the bug if no gecos.

This code is called, which I think calls the code that triggers the bug from pw being NULL when it shouldn't be earlier:

    pw = pw_locate (user);
    if (NULL == pw) {
        fprintf (stderr,
                 _("%s: user '%s' does not exist in %s\n"),
                 Prog, user, pw_dbname ());
        fail_exit (E_NOPERM);
    }

From pwio.h:

    extern /*@observer@*/ /*@null@*/const struct passwd *pw_locate (const char *name);

and from pwio.c:

    /*@observer@*/ /*@null@*/const struct passwd *pw_locate (const char *name)
    {
        return commonio_locate (&passwd_db, name);
    }

We now have in lib/commonio.c:

    /*
     * commonio_locate - Find the first entry with the specified name in
     * the database.
     *
     * If found, it returns the entry and set the cursor of the database to
     * that entry.
     *
     * Otherwise, it returns NULL.
     */
    /*@observer@*/ /*@null@*/const void *commonio_locate (struct commonio_db *db, const char *name)
    {
        struct commonio_entry *p;

        if (!db->isopen) {
            errno = EINVAL;
            return NULL;
        }

        p = find_entry_by_name (db, name);
        if (NULL == p) {
            errno = ENOENT;
            return NULL;
        }

        db->cursor = p;
        return p->eptr;
    }

^^^^ Which I think is getting confused and returning NULL when it should not.
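The symptom described in the post above (a lookup that returns NULL for a user who is present, because the whole passwd line is longer than the 1024-byte limit), shown as an added example. This is not shadow-utils code and not from the poster: the toy lookup `toy_locate`, the pre-check `passwd_entry_fits`, the constructed sample database and the 1100-character gecos are all made up for this illustration. It assumes that a line which does not fit the fixed buffer is dropped by the reader; the exact boundary in the real code is not established by the post, so the pre-check simply refuses any entry that would not fit a 1024-byte buffer with its terminator. The check is the kind of guard a provisioning script could run before writing an entry, and the lookup shows why the missing guard surfaces as "user does not exist".

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define PASSWD_LINE_MAX 1024   /* total-entry limit discussed in the post */

struct toy_passwd {
    char name[64];                 /* first field, used for matching */
    char line[PASSWD_LINE_MAX];    /* the whole raw entry as read */
};

/* Length of the passwd line a tool is about to write: name:x:uid:gid:gecos:dir:shell */
size_t passwd_entry_len(const char *name, unsigned uid, unsigned gid,
                        const char *gecos, const char *dir, const char *shell)
{
    int n = snprintf(NULL, 0, "%s:x:%u:%u:%s:%s:%s", name, uid, gid, gecos, dir, shell);
    return n < 0 ? 0 : (size_t)n;
}

/* Hypothetical pre-check for provisioning code: 1 if the entry plus its
 * terminator fits a PASSWD_LINE_MAX buffer, 0 if it would be unusable. */
int passwd_entry_fits(const char *name, unsigned uid, unsigned gid,
                      const char *gecos, const char *dir, const char *shell)
{
    return passwd_entry_len(name, uid, gid, gecos, dir, shell) < PASSWD_LINE_MAX;
}

/* Copy the next line from *cursor into buf (bufsz bytes). Returns 0 when the
 * line fit, -1 when it was too long for the buffer; the cursor always advances
 * past the whole line and its '\n' so scanning can continue. */
static int read_line(const char **cursor, char *buf, size_t bufsz)
{
    const char *p = *cursor;
    size_t len = strcspn(p, "\n");
    int rc = 0;
    if (len >= bufsz) {
        rc = -1;
        buf[0] = '\0';
    } else {
        memcpy(buf, p, len);
        buf[len] = '\0';
    }
    *cursor = p + len + (p[len] == '\n' ? 1 : 0);
    return rc;
}

/* Toy analogue of pw_locate(): scan a newline-separated passwd-format database
 * for the first entry whose name matches. Returns NULL both when the user is
 * absent and when the matching line does not fit the fixed buffer, which is the
 * confusing outcome the post describes. */
const struct toy_passwd *toy_locate(const char *db, const char *name)
{
    static struct toy_passwd ent;
    const char *cursor = db;
    while (*cursor != '\0') {
        if (read_line(&cursor, ent.line, sizeof ent.line) != 0)
            continue;   /* over-long line: dropped, so the lookup never sees it */
        size_t nlen = strcspn(ent.line, ":");
        if (nlen == strlen(name) && nlen < sizeof ent.name &&
            memcmp(ent.line, name, nlen) == 0) {
            memcpy(ent.name, ent.line, nlen);
            ent.name[nlen] = '\0';
            return &ent;
        }
    }
    return NULL;
}

/* Constructed 1100-character gecos field used to build the over-long entry. */
const char *long_gecos(void)
{
    static char gecos[1101];
    if (gecos[0] == '\0') {
        memset(gecos, 'A', sizeof gecos - 1);
        gecos[sizeof gecos - 1] = '\0';
    }
    return gecos;
}

/* Constructed sample database: a normal root entry, a test1 entry whose gecos
 * pushes the line past 1024 bytes, and a normal alice entry after it. */
const char *sample_db(void)
{
    static char db[4096];
    if (db[0] == '\0')
        snprintf(db, sizeof db,
                 "root:x:0:0:root:/root:/bin/bash\n"
                 "test1:x:1000:1000:%s:/home/test1:/bin/bash\n"
                 "alice:x:1001:1001::/home/alice:/bin/sh\n", long_gecos());
    return db;
}

int main(void)
{
    const char *db = sample_db();
    const char *users[] = { "root", "test1", "alice" };
    for (size_t i = 0; i < 3; i++)
        printf("%-6s -> %s\n", users[i], toy_locate(db, users[i]) ? "found" : "NULL");
    printf("test1 with 1100-char gecos fits: %d\n",
           passwd_entry_fits("test1", 1000, 1000, long_gecos(), "/home/test1", "/bin/bash"));
    return 0;
}
```

Running it prints "found" for root and alice but "NULL" for test1, even though test1 is in the database; the pre-check reports 0 for that entry, which is the point at which a tool should refuse to write it rather than let a later lookup fail with a misleading "does not exist".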