Report

Alloca-backed filename suffix rewrite can underflow on short names

9794d284-3f3d-441d-bd19-b14193699224

A conversion helper builds a backup filename on the stack with alloca(), copies the original file name, then rewrites the trailing extension by subtracting 4 bytes from the end and writing "orig". If the input file name is shorter than four bytes or does not actually end in the expected "html" suffix, the pointer arithmetic writes before the allocated buffer, causing stack memory corruption. The affected path is reached when saving .orig backups during HTML-extension adjustment.
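
A bounds-checked form of the suffix rewrite described above, as an added example that is not the affected project's code. The function name `make_orig_backup_name`, its return convention, the caller-supplied output buffer (used here in place of alloca()) and the sample file names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Pattern described in the report, shown for contrast and never called:
 *   char *buf = alloca(len + 1);
 *   strcpy(buf, file);
 *   strcpy(buf + len - 4, "orig");    with len < 4 this lands before buf
 */

/* Hypothetical hardened helper: writes the backup name into out.
 * Returns 0 on success, -1 if the name is rejected or out is too small. */
int make_orig_backup_name(const char *file, char *out, size_t out_sz)
{
    static const char old_sfx[] = "html";
    static const char new_sfx[] = "orig";
    const size_t sfx_len = sizeof old_sfx - 1;   /* 4 bytes, no NUL */
    size_t len;

    if (file == NULL || out == NULL)
        return -1;
    len = strlen(file);
    /* Check the length before subtracting, so len - 4 cannot wrap. */
    if (len < sfx_len)
        return -1;
    /* Rewrite only when the tail really is the expected suffix. */
    if (memcmp(file + len - sfx_len, old_sfx, sfx_len) != 0)
        return -1;
    /* The result has the same length as the input, plus the NUL. */
    if (out_sz < len + 1)
        return -1;
    memcpy(out, file, len - sfx_len);
    memcpy(out + len - sfx_len, new_sfx, sfx_len + 1);  /* copies the NUL */
    return 0;
}

int main(void)
{
    /* Constructed sample names: one valid, several that must be rejected. */
    const char *samples[] = { "index.html", "a", "htm", "page.php", "html" };
    char buf[64];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int rc = make_orig_backup_name(samples[i], buf, sizeof buf);
        printf("%-12s -> %s\n", samples[i], rc == 0 ? buf : "(rejected)");
    }
    return 0;
}
```

Building the unchecked pattern with AddressSanitizer (`-fsanitize=address`) and feeding it a one-byte name is a quick way to confirm the out-of-bounds write in a test harness.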