Report

CVE-2023-6246: glibc __vsyslog_internal heap-overflow via undersized malloc in syslog fallback path

2dd85023-2ad7-4203-abe8-c6ac4b08cb01

CVE-2023-6246 is a heap-based buffer overflow in glibc's __vsyslog_internal() function (misc/syslog.c), which backs both syslog() and vsyslog(). As an optimization, the function first formats the message into a 1024-byte stack buffer (bufs). When the header plus message does not fit, the fallback path allocates a heap buffer, but the size passed to malloc is wrong: the call is malloc(l * sizeof(char)), where l is only the length of the header ("<pri>timestamp ident[pid]: ", a few dozen bytes for a typical ident), not the full header-plus-message length. The message is then formatted past the end of that allocation. The fixed-size buffer logic was introduced by commit a583b6add4 ('Use fixed-sized buffer and remove memstream'), which replaced the open_memstream approach, where the stream grew to fit the output, with a fixed allocation computed from an incorrect size formula.

The primary bug is at line 206: buf = malloc(l * sizeof(char)).

Secondary bugs in the same path:
- bufsize is never updated in the malloc-success path, so it stays 0 (bufsize is only assigned, as l + vl, in the branch that runs when the header fits in bufs).
- buf[bufsize - 1] at line 231 therefore evaluates buf[-1]: a one-byte heap out-of-bounds read before the start of the allocation.
- buf + msgoff is passed to __dprintf as a %s argument and reads uninitialized heap data, continuing past the end of the allocation until a NUL byte is found.
- In the original vulnerable commit, the header is re-rendered with __snprintf(buf, sizeof buf, ...); buf is a char *, so sizeof buf is sizeof(char *) = 8 bytes, which both truncates the header and can overflow an allocation shorter than 8 bytes.

Note on the disclosed trigger: the code quoted above is the a583b6add4 version. The public CVE-2023-6246 disclosure (Qualys, January 2024) is against glibc 2.37, where the same fallback allocates (bufsize + 1) bytes and writes the header with __snprintf(buf, l + 1, ...); the overflow is reached when the header alone exceeds bufs (an ident or argv[0] longer than about 1024 bytes), because bufsize is then still 0 and the allocation is a single byte. With a short ident, the fallback is only reached when the message itself exceeds the 1024-byte buffer.
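The sizing mistake, as an added C example that is not glibc's code: a hypothetical model of the fallback path with the undersized formula beside the correct one, and a format_message() that measures both header and message before allocating, so a header that by itself exceeds the stack buffer (the over-long ident case) is handled the same way as an oversized message. The simplified header layout and the names STATIC_BUF, format_header, format_message, faulty_fallback_size, required_fallback_size and fallback_shortfall are assumptions made for this example.

```c
/* Added example: a hypothetical model of the __vsyslog_internal() fallback
 * path, not glibc's source. Names (STATIC_BUF, format_header, format_message)
 * and the simplified header layout are assumptions made for this example. */
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define STATIC_BUF 1024   /* models glibc's char bufs[1024] */

/* Simplified "<pri>timestamp ident[pid]: " header; glibc also has
 * no-timestamp and no-pid forms, omitted here. */
static int format_header(char *dst, size_t cap, int pri, const char *ts,
                         const char *ident, int pid)
{
    return snprintf(dst, cap, "<%d>%s %s[%d]: ", pri, ts, ident, pid);
}

/* The undersized formula from the report: only the header length l. */
size_t faulty_fallback_size(int l, int vl)
{
    (void)vl;            /* message length is ignored: that is the bug */
    return (size_t)l;
}

/* What the fallback must allocate: header + message + terminating NUL. */
size_t required_fallback_size(int l, int vl)
{
    return (size_t)l + (size_t)vl + 1;
}

/* How many bytes the faulty allocation is short by. */
size_t fallback_shortfall(int l, int vl)
{
    return required_fallback_size(l, vl) - faulty_fallback_size(l, vl);
}

/* Format one syslog line. Returns a malloc'd NUL-terminated string (caller
 * frees) and stores its length, excluding the NUL, in *out_len. snprintf
 * returns the full length even when it truncates, so l is always the true
 * header length, including when the header alone exceeds STATIC_BUF. */
char *format_message(int pri, const char *ts, const char *ident, int pid,
                     size_t *out_len, const char *fmt, ...)
{
    char bufs[STATIC_BUF];
    va_list ap, apc;
    int l, vl;

    va_start(ap, fmt);

    /* Fast path: header and message both fit in the stack buffer. */
    l = format_header(bufs, sizeof bufs, pri, ts, ident, pid);
    if (l >= 0 && (size_t)l < sizeof bufs) {
        va_copy(apc, ap);
        vl = vsnprintf(bufs + l, sizeof bufs - (size_t)l, fmt, apc);
        va_end(apc);
        if (vl >= 0 && (size_t)vl < sizeof bufs - (size_t)l) {
            va_end(ap);
            size_t total = (size_t)l + (size_t)vl;
            char *out = malloc(total + 1);
            if (out != NULL)
                memcpy(out, bufs, total + 1);
            *out_len = total;
            return out;
        }
    }

    /* Slow path: measure the message, then allocate exactly what is needed. */
    va_copy(apc, ap);
    vl = vsnprintf(NULL, 0, fmt, apc);
    va_end(apc);
    if (l < 0 || vl < 0) {
        va_end(ap);
        return NULL;
    }
    size_t need = required_fallback_size(l, vl);
    char *buf = malloc(need);
    if (buf == NULL) {
        va_end(ap);
        return NULL;
    }
    /* Render into the heap buffer using its real capacity, not sizeof(char *). */
    format_header(buf, need, pri, ts, ident, pid);
    vsnprintf(buf + l, need - (size_t)l, fmt, ap);
    va_end(ap);

    *out_len = (size_t)l + (size_t)vl;
    return buf;
}

int main(void)
{
    char ident[1101], msg[2001];
    memset(ident, 'I', 1100); ident[1100] = '\0';   /* constructed over-long ident */
    memset(msg, 'A', 2000);   msg[2000] = '\0';     /* constructed 2000-byte message */
    size_t len = 0;
    char *line = format_message(13, "Jan  1 00:00:00", ident, 42, &len, "%s", msg);
    if (line == NULL)
        return 1;
    int l = (int)(len - 2000);   /* header length actually produced */
    printf("header %d bytes, message 2000 bytes: faulty malloc(%zu), needed %zu, short by %zu\n",
           l, faulty_fallback_size(l, 2000), required_fallback_size(l, 2000),
           fallback_shortfall(l, 2000));
    free(line);
    return 0;
}
```

The point of measuring with snprintf(NULL, 0, ...) is that the allocation size is derived from the same formatting call that will later fill the buffer, so the header and message lengths cannot drift apart as they do when one is computed on the fast path and reused, unchecked, on the slow path.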