WARC CDX filename uses alloca() with unchecked length arithmetic

In wget's WARC output path, warc_start_cdx_file() derives a stack allocation size from strlen([REDACTED]) and then uses alloca(filename_length + 4 + 1). The length is stored in int, so a very long user-supplied WARC basename can overflow the arithmetic or force an enormous stack allocation. The following memcpy()s then write into that stack buffer. This is an attacker-controlled stack exhaustion / overflow condition reachable when WARC output is enabled.