Wget HTML backup path can corrupt stack buffer when rewriting .orig suffix

In the HTML conversion backup path, Wget constructs a stack buffer with alloca and then rewrites the trailing suffix by subtracting 4 bytes and copying "orig". If the file name does not have the assumed length/layout, that pointer arithmetic can write before the allocated region and corrupt stack memory. The bug is reachable when backup-converted HTML files are processed.