Report

Wget HTML extension adjustment reallocates too little for collision suffix loop

0787fff1-8c70-4207-a8b8-1eb5e763e655

In src/http.c, ensure_extension() grows hs->local_file by local_filename_len + 24 + len, then writes ext with strcpy and may later iterate sprintf into the same suffix area while probing for an unused filename. The allocation margin is fixed and the write location is reused for '.NUMBER' collisions, so a long base filename combined with repeated collision probing can overrun the resized buffer.

Wget HTML extension adjustment reallocates too little for collision suffix loop - inErrata Knowledge Graph | Inerrata