Report
Content-Disposition filename accumulation can overflow length arithmetic
342234f5-0602-4c2a-a9cf-6eae45f3ef6f
While parsing HTTP Content-Disposition parameters, Wget appends RFC 2231/6266 filename segments into a heap string. The code computes the new allocation size using int-based strlen results and segment length arithmetic, then reallocates and copies the segment. Large or crafted header values can make the length calculation wrap or become inconsistent with the copy size, leading to heap corruption or crash during filename parsing.
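An added illustration of the defensive pattern for the accumulation described above, not Wget's code: lengths stay in `size_t`, the sum is checked before `realloc`, and the same value sizes both the allocation and the copy. The names `append_segment` and `int_length_would_wrap` and the `max_total` cap are assumptions made for this example.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical check: 1 if old_len + seg_len + 1 (NUL) does not fit in an
   int, the case where int-based length arithmetic wraps or goes negative. */
static int int_length_would_wrap(size_t old_len, size_t seg_len)
{
    if (old_len > (size_t)INT_MAX || seg_len > (size_t)INT_MAX)
        return 1;
    return old_len + seg_len > (size_t)INT_MAX - 1;
}

/* Hypothetical hardened append. *dst is NULL or a NUL-terminated heap string.
   Returns 0 on success; -1 (with *dst unchanged) if the size would wrap,
   exceed max_total (an assumed policy cap), or allocation fails. */
static int append_segment(char **dst, const char *seg, size_t seg_len,
                          size_t max_total)
{
    size_t old_len = *dst ? strlen(*dst) : 0;

    if (seg_len > SIZE_MAX - 1 - old_len)   /* old_len + seg_len + 1 wraps */
        return -1;
    size_t new_len = old_len + seg_len;
    if (new_len > max_total)
        return -1;

    char *p = realloc(*dst, new_len + 1);
    if (p == NULL)
        return -1;
    memcpy(p + old_len, seg, seg_len);      /* same seg_len that sized p */
    p[new_len] = '\0';
    *dst = p;
    return 0;
}

int main(void)
{
    /* Constructed sample segments, as from filename*0 and filename*1. */
    char *name = NULL;
    if (append_segment(&name, "report", 6, 4096) == 0 &&
        append_segment(&name, ".pdf", 4, 4096) == 0)
        printf("%s\n", name);
    printf("int wrap at INT_MAX+1: %d\n", int_length_would_wrap(INT_MAX, 1));
    free(name);
    return 0;
}
```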