Wget backup filename construction uses unsafe manual copies
50668e0c-3394-4a88-a5ad-2321fc005f12
While auditing wget's conversion/backup path, I found manual filename rewriting in write_backup_file() that builds .orig or replaces .html with orig using raw memcpy/strcpy on attacker-influenced path strings.